{"id":5438,"name":"ecdsa","ecosystem":"pip","repository_url":"https://github.com/tlsfuzzer/python-ecdsa","issues_count":132,"created_at":"2025-06-06T17:12:50.914Z","updated_at":"2025-06-06T17:12:50.914Z","purl":"pkg:pypi/ecdsa","metadata":{"id":2719981,"name":"ecdsa","ecosystem":"pypi","description":"ECDSA cryptographic signature library (pure python)","homepage":"http://github.com/tlsfuzzer/python-ecdsa","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/tlsfuzzer/python-ecdsa","keywords_array":[],"namespace":null,"versions_count":22,"first_release_published_at":"2010-10-16T02:50:08.000Z","latest_release_published_at":"2025-03-13T11:52:41.000Z","latest_release_number":"0.19.1","last_synced_at":"2025-06-06T11:31:56.039Z","created_at":"2022-04-10T10:51:23.126Z","updated_at":"2025-06-06T11:31:56.040Z","registry_url":"https://pypi.org/project/ecdsa/","install_command":"pip install ecdsa --index-url https://pypi.org/simple","documentation_url":"https://ecdsa.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Programming Language :: Python","Programming Language :: Python :: 2","Programming Language :: Python :: 2.6","Programming Language :: Python :: 2.7","Programming Language :: Python :: 3","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Programming Language :: Python :: 3.6","Programming Language :: Python :: 3.7","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9"],"normalized_name":"ecdsa"},"repo_metadata":{"id":875128,"uuid":"617112","full_name":"tlsfuzzer/python-ecdsa","owner":"tlsfuzzer","description":"pure-python ECDSA signature/verification and ECDH key agreement","archived":false,"fork":false,"pushed_at":"2025-03-13T11:49:46.000Z","size":1044,"stargazers_count":940,"open_issues_count":16,"forks_count":317,"subscribers_count":47,"default_branch":"master","last_synced_at":"2025-05-27T00:11:21.705Z","etag":null,"topics":["cryptography","digital-signatures","ecdh","ecdsa","elliptic-curves","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tlsfuzzer.png","metadata":{"files":{"readme":"README.md","changelog":"NEWS","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2010-04-19T02:22:17.000Z","updated_at":"2025-05-25T03:15:20.000Z","dependencies_parsed_at":"2024-01-15T23:03:13.356Z","dependency_job_id":"96c6e1b3-c47d-4125-ba11-c1e05761c6a9","html_url":"https://github.com/tlsfuzzer/python-ecdsa","commit_stats":{"total_commits":517,"total_committers":50,"mean_commits":10.34,"dds":0.5570599613152805,"last_synced_commit":"eed49e25683d656ba211a8cd97bf93da34450cf5"},"previous_names":["warner/python-ecdsa"],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tlsfuzzer","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257416607,"owners_count":22543454,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tlsfuzzer","name":"tlsfuzzer","uuid":"74566338","kind":"organization","description":"tlsfuzzer and related libraries useful for testing cryptographic implementations","email":null,"website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/74566338?v=4","repositories_count":3,"last_synced_at":"2024-03-25T19:59:02.494Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tlsfuzzer","funding_links":[],"total_stars":1626,"followers":11,"following":0,"created_at":"2022-11-02T16:22:53.610Z","updated_at":"2024-03-25T19:59:03.543Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tlsfuzzer","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tlsfuzzer/repositories"},"tags":[{"name":"python-ecdsa-0.19.1","sha":"2a6593d840ad153a16ebdd4f9b772b290494f3e3","kind":"commit","published_at":"2025-03-13T11:48:15.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.19.1","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.19.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.19.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.19.1/manifests"},{"name":"python-ecdsa-0.19.0","sha":"be70016f8911f79e891a65dcfcb602e5ba866ed3","kind":"commit","published_at":"2024-04-08T18:59:55.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.19.0","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.19.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.19.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.19.0/manifests"},{"name":"python-ecdsa-0.18.0","sha":"341e0d8be9fedf66fbc9a95630b4ed2138343380","kind":"commit","published_at":"2022-07-09T12:49:17.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.18.0","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.18.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.18.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.18.0/manifests"},{"name":"python-ecdsa-0.18.0b2","sha":"5f93d9d0c49f924fb33aee046c272859dd02eddd","kind":"commit","published_at":"2022-01-05T17:32:04.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.18.0b2","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.18.0b2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.18.0b2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.18.0b2/manifests"},{"name":"python-ecdsa-0.18.0b1","sha":"c8802e5c4f20557b674ef3d724985d40b5ff0537","kind":"commit","published_at":"2021-08-03T12:09:39.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.18.0b1","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.18.0b1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.18.0b1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.18.0b1/manifests"},{"name":"python-ecdsa-0.17.0","sha":"5aa87c52c25a476f691b570be3577ff71cd01982","kind":"commit","published_at":"2021-05-27T18:07:15.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.17.0","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.17.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.17.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.17.0/manifests"},{"name":"python-ecdsa-0.16.1","sha":"9d5a727c766773b8367f6dd0a49bbda21c18dbe7","kind":"commit","published_at":"2020-11-12T19:12:49.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.16.1","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.16.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.16.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.16.1/manifests"},{"name":"python-ecdsa-0.16.0","sha":"f27b20ff2a67c6b1afe473dd347c8da5c4017e34","kind":"commit","published_at":"2020-08-27T14:41:17.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.16.0","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.16.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.16.0/manifests"},{"name":"python-ecdsa-0.15","sha":"93b04ba3ddb7c2716e07761393a179c061718c34","kind":"commit","published_at":"2020-01-02T16:05:04.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.15","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.15","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.15/manifests"},{"name":"python-ecdsa-0.14.1","sha":"c3136e4250e7e2c53191acccbff8a936479536af","kind":"commit","published_at":"2019-11-06T21:45:35.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.14.1","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.14.1/manifests"},{"name":"python-ecdsa-0.14","sha":"84dbe0dc1a545c6680a1e7dae43a647032c78b5b","kind":"commit","published_at":"2019-11-06T19:03:05.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.14","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.14/manifests"},{"name":"python-ecdsa-0.13.3","sha":"7add2213c992f51267eed8288b560f3f4108a28d","kind":"commit","published_at":"2019-10-07T13:58:12.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.13.3","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.13.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.13.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.13.3/manifests"},{"name":"python-ecdsa-0.13.2","sha":"bb359d32e93acc3eb4d216aff4ba0e7531599cfb","kind":"commit","published_at":"2019-04-17T19:32:58.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.13.2","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.13.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.13.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.13.2/manifests"},{"name":"python-ecdsa-0.13.1","sha":"7221f8b71435d69c1c204927de156cc5f7748df7","kind":"commit","published_at":"2019-04-17T13:56:14.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.13.1","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.13.1/manifests"},{"name":"python-ecdsa-0.13","sha":"5a6fc047222cf21ad89f6cbf8782d0f1e3ddacda","kind":"commit","published_at":"2015-02-07T18:19:14.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.13","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.13/manifests"},{"name":"python-ecdsa-0.12","sha":"2d6792b7780d8b0c5dfb1283cbe012e57a0d06c9","kind":"commit","published_at":"2015-02-06T21:33:14.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.12","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.12/manifests"},{"name":"python-ecdsa-0.11","sha":"36e9cfa80fcf8b53119adc787e54a5892ec1eb2c","kind":"commit","published_at":"2014-03-10T22:51:15.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.11","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.11/manifests"},{"name":"python-ecdsa-0.10","sha":"3a15318fd9c2ab6bb558cbddb67fbf1757bd3766","kind":"commit","published_at":"2013-10-23T18:35:46.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.10","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.10/manifests"},{"name":"python-ecdsa-0.9","sha":"892362dde5b36c170bbb65faae059bd8fb51a90f","kind":"commit","published_at":"2013-10-02T00:04:38.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.9","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.9/manifests"},{"name":"python-ecdsa-0.8","sha":"f03abf93968019758c6e00753d1b34b87fecd27e","kind":"commit","published_at":"2011-10-04T22:49:25.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.8","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.8/manifests"},{"name":"python-ecdsa-0.7","sha":"8a9cdf063f035e2950a9131dfa6712d69bc5f09d","kind":"commit","published_at":"2010-11-28T19:46:59.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.7","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.7/manifests"},{"name":"python-ecdsa-0.6","sha":"15c2c57a279336b33d2dea1067a0e216cdd142e3","kind":"commit","published_at":"2010-10-16T00:46:52.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.6","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.6/manifests"},{"name":"python-ecdsa-0.5","sha":"d492d94f3ca88d63a4f384f333a1450adb322304","kind":"tag","published_at":"2010-04-27T19:06:38.000Z","download_url":"https://codeload.github.com/tlsfuzzer/python-ecdsa/tar.gz/python-ecdsa-0.5","html_url":"https://github.com/tlsfuzzer/python-ecdsa/releases/tag/python-ecdsa-0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa/tags/python-ecdsa-0.5/manifests"}]},"repo_metadata_updated_at":"2025-06-02T09:35:52.595Z","dependent_packages_count":252,"downloads":21105035,"downloads_period":"last-month","dependent_repos_count":15243,"rankings":{"downloads":0.09922317916589406,"dependent_repos_count":0.0702255502645294,"dependent_packages_count":0.10633890346637205,"stargazers_count":2.1274791000082853,"forks_count":2.8806933555400756,"docker_downloads_count":0.06075693674571644,"average":0.8907861708651454},"purl":"pkg:pypi/ecdsa","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxeGotZjlyaC05Zmcy","url":"https://github.com/advisories/GHSA-8qxj-f9rh-9fg2","title":"Improper Verification of Cryptographic Signature in Pure-Python ECDSA","description":"A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2020-04-01T16:35:26.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.1,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-14859","https://github.com/warner/python-ecdsa/issues/114","https://github.com/warner/python-ecdsa/pull/115","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859","https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3","https://github.com/tlsfuzzer/python-ecdsa/commit/3427fa29f319b27898a28601955807abb44c0830","https://github.com/tlsfuzzer/python-ecdsa/commit/9080d1d5ac533da0de00466aaffb49bee808bb4e","https://github.com/tlsfuzzer/python-ecdsa/commit/b0ea52bb3aa9a16c9a4a91fdc0041edbfed10b31","https://github.com/advisories/GHSA-8qxj-f9rh-9fg2","https://github.com/pypa/advisory-database/tree/main/vulns/ecdsa/PYSEC-2020-163.yaml","https://pypi.org/project/ecdsa/0.13.3"],"source_kind":"github","identifiers":["GHSA-8qxj-f9rh-9fg2","CVE-2019-14859"],"repository_url":"https://github.com/warner/python-ecdsa","blast_radius":38.06594109163262,"packages":[{"versions":[{"first_patched_version":"0.13.3","vulnerable_version_range":"\u003c 0.13.3"}],"ecosystem":"pypi","package_name":"ecdsa"}],"created_at":"2022-12-21T16:12:32.659Z","updated_at":"2024-09-20T16:52:25.000Z","epss_percentage":0.00127,"epss_percentile":0.28893},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3ZnctbWdmai03ZzNn","url":"https://github.com/advisories/GHSA-pwfw-mgfj-7g3g","title":"ecdsa Denial of Service vulnerability in signature verification and signature malleability","description":"## possible DoS in signature verification and signature malleability \n\n### Impact\nCode using `VerifyingKey.verify()` and `VerifyingKey.verify_digest()` may receive exceptions other than the documented `BadSignatureError` when signatures are malformed. If those other exceptions are not caught, they may lead to program termination and thus Denial of Service\n\nCode using `VerifyingKey.verify()` and `VerifyingKey.verify_digest()` with `sigdecode` option using `ecdsa.util.sigdecode_der` will accept signatures even if they are not properly formatted DER. This makes the signatures malleable. It impacts only applications that later sign the signatures or verify signatures of signatures, e.g. Bitcoin.\n\nAll versions between 0.5 and 0.13.2 (inclusive) are thought to be vulnerable. Code before 0.5 may be vulnerable but didn't receive extended analysis to rule this issue out.\n\n### Patches\nThe patches have been merged to `master` branch in https://github.com/warner/python-ecdsa/pull/115.\nThe backported patches for a release in the 0.13 branch are in https://github.com/warner/python-ecdsa/pull/124\n\nThey are part of the 0.13.3 release.\n\nThere are no plans to backport them to earlier releases.\n\n### Workarounds\nIt may be possible to prevent the Denial of Service by catching also `UnexpectedDER`, `IndexError` and `AssertionError` exceptions. That list hasn't been verified to be complete though. If those exceptions are raised, the signature verification process should consider the signature to be invalid.\n\nTo remediate signature malleability and the Denial of Service vulnerability, it may be possible to first verify that the signature is properly DER formatted ECDSA-Sig-Value, as defined in [RFC3279](https://tools.ietf.org/html/rfc3279), before passing it to `verify()` or `verify_digest()` methods. If the signature is determined to not follow the DER or encode a different structure, the signature verification process should consider the signature to be invalid.\n\n### References\nhttps://en.bitcoinwiki.org/wiki/Transaction_Malleability\n\n### For more information\nIf you have any questions or comments about this advisory please open an issue in [python-ecdsa](https://github.com/warner/python-ecdsa/issues) project.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2019-10-08T16:30:17.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/warner/python-ecdsa/security/advisories/GHSA-pwfw-mgfj-7g3g","https://nvd.nist.gov/vuln/detail/CVE-2019-14853","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853","https://github.com/pypa/advisory-database/tree/main/vulns/ecdsa/PYSEC-2019-177.yaml","https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3","https://seclists.org/bugtraq/2019/Dec/33","https://www.debian.org/security/2019/dsa-4588","https://github.com/advisories/GHSA-pwfw-mgfj-7g3g"],"source_kind":"github","identifiers":["GHSA-pwfw-mgfj-7g3g","CVE-2019-14853"],"repository_url":"https://github.com/warner/python-ecdsa","blast_radius":31.373028372224685,"packages":[{"versions":[{"first_patched_version":"0.13.3","vulnerable_version_range":"\u003c 0.13.3"}],"ecosystem":"pypi","package_name":"ecdsa"}],"created_at":"2022-12-21T16:13:27.784Z","updated_at":"2024-09-20T16:47:15.000Z","epss_percentage":0.00052,"epss_percentile":0.13195},{"uuid":"GSA_kwCzR0hTQS13ajZoLTY0ZmMtMzdtcM4AA4nW","url":"https://github.com/advisories/GHSA-wj6h-64fc-37mp","title":"Minerva timing attack on P-256 in python-ecdsa","description":"python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the `ecdsa.SigningKey.sign_digest()` API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH operations are affected. ECDSA signature verification is unaffected. The python-ecdsa project considers side channel attacks out of scope for the project and there is no planned fix.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-01-22T21:35:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.4,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","references":["https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp","https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md","https://minerva.crocs.fi.muni.cz/","https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/","https://nvd.nist.gov/vuln/detail/CVE-2024-23342","https://github.com/advisories/GHSA-wj6h-64fc-37mp"],"source_kind":"github","identifiers":["GHSA-wj6h-64fc-37mp","CVE-2024-23342"],"repository_url":"https://github.com/tlsfuzzer/python-ecdsa","blast_radius":30.95472132726169,"packages":[{"versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 0.18.0"}],"ecosystem":"pypi","package_name":"ecdsa"}],"created_at":"2024-01-22T22:06:17.872Z","updated_at":"2025-03-31T03:10:27.895Z","epss_percentage":0.00899,"epss_percentile":0.73541},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtcmotNDM1di1jMmNy","url":"https://github.com/advisories/GHSA-2mrj-435v-c2cr","title":"Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA","description":"## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-pwfw-mgfj-7g3g. This link is maintained to preserve external references.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2019-12-02T18:15:31.000Z","withdrawn_at":"2020-06-16T20:15:24.000Z","classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2019-14853","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853","https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3","https://seclists.org/bugtraq/2019/Dec/33","https://www.debian.org/security/2019/dsa-4588","https://github.com/advisories/GHSA-2mrj-435v-c2cr","https://github.com/advisories/GHSA-pwfw-mgfj-7g3g","https://github.com/pypa/advisory-database/tree/main/vulns/ecdsa/PYSEC-2019-177.yaml"],"source_kind":"github","identifiers":["GHSA-2mrj-435v-c2cr"],"repository_url":"https://github.com/warner/python-ecdsa","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"0.13.3","vulnerable_version_range":"\u003c 0.13.3"}],"ecosystem":"pypi","package_name":"ecdsa"}],"created_at":"2022-12-21T16:13:27.022Z","updated_at":"2024-09-20T16:46:34.000Z","epss_percentage":null,"epss_percentile":null}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/ecdsa","docker_dependents_count":1134,"docker_downloads_count":1065189455,"usage_url":"https://repos.ecosyste.ms/usage/pypi/ecdsa","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/ecdsa/dependencies","status":null,"funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/ecdsa/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/ecdsa/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/ecdsa/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/ecdsa/related_packages","maintainers":[{"uuid":"warner","login":"warner","name":null,"email":null,"url":null,"packages_count":17,"html_url":"https://pypi.org/user/warner/","role":null,"created_at":"2023-01-05T19:26:13.210Z","updated_at":"2023-01-05T19:26:13.210Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/warner/packages"},{"uuid":"tomato","login":"tomato","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://pypi.org/user/tomato/","role":null,"created_at":"2023-01-05T19:26:13.193Z","updated_at":"2023-01-05T19:26:13.193Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/tomato/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690329,"maintainers_count":292761,"namespaces_count":0,"keywords_count":228590,"github":"pypi","metadata":{"funded_packages_count":48950},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-06T05:32:09.692Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":92,"unique_repositories_count_past_30_days":3,"recent_issues":[{"uuid":"4519233848","node_id":"PR_kwDOOKEvLM7fJ9DU","number":50,"state":"closed","title":"Bump ecdsa from 0.19.1 to 0.19.2 in /backend","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-25T20:02:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T19:58:38.000Z","updated_at":"2026-05-25T20:02:13.000Z","time_to_close":207,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"}],"path":"/backend","ecosystem":"pip"},"body":"Bumps [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) from 0.19.1 to 0.19.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ecdsa\u0026package-manager=pip\u0026previous-version=0.19.1\u0026new-version=0.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/PaulaMagdi0/Task-And-Project-Management-System/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/PaulaMagdi0/Task-And-Project-Management-System/pull/50","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PaulaMagdi0%2FTask-And-Project-Management-System/issues/50","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/50/packages"},{"uuid":"4490809265","node_id":"PR_kwDOOMKlh87dvpUg","number":7,"state":"closed","title":"Bump the pip group across 2 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T22:52:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T00:35:58.000Z","updated_at":"2026-05-28T22:52:57.000Z","time_to_close":685017,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":22,"packages":[{"name":"flask-cors","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/corydolphin/flask-cors"},{"name":"lxml","old_version":"5.3.1","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"eventlet","old_version":"0.39.0","new_version":"0.41.0","repository_url":"https://github.com/eventlet/eventlet"},{"name":"setuptools","old_version":"58.5.3","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"wheel","old_version":"0.45.0","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"},{"name":"pymongo","old_version":"4.3.3","new_version":"4.6.3","repository_url":"https://github.com/mongodb/mongo-python-driver"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"poetry","old_version":"2.0.0","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"twisted","old_version":"24.3.0","new_version":"26.4.0rc2","repository_url":"https://github.com/twisted/twisted"},{"name":"cryptography","old_version":"44.0.2","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"werkzeug","old_version":"2.3.7","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"filelock","old_version":"3.17.0","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"5.29.3","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"virtualenv","old_version":"20.29.2","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `5.0.0` | `6.0.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.1` | `6.1.0` |\n| [eventlet](https://github.com/eventlet/eventlet) | `0.39.0` | `0.41.0` |\n| [setuptools](https://github.com/pypa/setuptools) | `58.5.3` | `78.1.1` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.0` | `0.46.2` |\n| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.3.3` | `4.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.0.0` | `2.3.4` |\n| [twisted](https://github.com/twisted/twisted) | `24.3.0` | `26.4.0rc2` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.2` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.3.7` | `3.1.6` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.17.0` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.2` | `20.36.1` |\n\nBumps the pip group with 4 updates in the /buildscripts/cost_model directory: [pymongo](https://github.com/mongodb/mongo-python-driver), [fonttools](https://github.com/fonttools/fonttools), [pillow](https://github.com/python-pillow/Pillow) and [scikit-learn](https://github.com/scikit-learn/scikit-learn).\n\nUpdates `flask-cors` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/corydolphin/flask-cors/releases\"\u003eflask-cors's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking\u003c/h2\u003e\n\u003cp\u003ePath specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6839] Sort Paths by Regex Specificity by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/391\"\u003ecorydolphin/flask-cors#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/389\"\u003ecorydolphin/flask-cors#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6866] Case Sensitive Request Path Matching by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/390\"\u003ecorydolphin/flask-cors#390\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis primarily changes packaging to use uv and a new release pipeline, along with some small documentation improvements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Docs] Fix links to documentation by \u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix minor typos by \u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate packaging and environment management to use uv by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/377\"\u003ecorydolphin/flask-cors#377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix release pipeline by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/378\"\u003ecorydolphin/flask-cors#378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlways use trusted publishing by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/379\"\u003ecorydolphin/flask-cors#379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWorkaround license publishing issue by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/380\"\u003ecorydolphin/flask-cors#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix packaging: missing source files by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/381\"\u003ecorydolphin/flask-cors#381\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/35d875319621bd129a38b2b823abf4a2f6cda536\"\u003e\u003ccode\u003e35d8753\u003c/code\u003e\u003c/a\u003e [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote for paths (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f\"\u003e\u003ccode\u003ee970988\u003c/code\u003e\u003c/a\u003e [CVE-2024-6839] Sort Paths by Regex Specificity (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb39516a3c96b90d0ae5f51293972395ec3ef358\"\u003e\u003ccode\u003eeb39516\u003c/code\u003e\u003c/a\u003e [CVE-2024-6866] Case Sensitive Request Path Matching (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/5da9be479b4fb203816bca9eb0cfb7add5eeceb5\"\u003e\u003ccode\u003e5da9be4\u003c/code\u003e\u003c/a\u003e Fix packaging: missing source files (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/381\"\u003e#381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/65a51321e1be9a4320b39f67db5e63553cd8138b\"\u003e\u003ccode\u003e65a5132\u003c/code\u003e\u003c/a\u003e Workaround license publishing issue (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/7127e7e3914083fbe4ebd8f7ef9b3ae0e8459daa\"\u003e\u003ccode\u003e7127e7e\u003c/code\u003e\u003c/a\u003e Always use trusted publishing (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/379\"\u003e#379\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/01e2e68268f7fdb4ed7309a655986b85c9066a67\"\u003e\u003ccode\u003e01e2e68\u003c/code\u003e\u003c/a\u003e Fix release pipeline (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/378\"\u003e#378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/ade65a16524c628747aecaaa73c1d615501974b2\"\u003e\u003ccode\u003eade65a1\u003c/code\u003e\u003c/a\u003e Major Packaging Refactor: migrate to uv (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/377\"\u003e#377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb44bffc76f49e5bb8692e96a37e11ebee070cf0\"\u003e\u003ccode\u003eeb44bff\u003c/code\u003e\u003c/a\u003e fix: typos (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/371\"\u003e#371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/1225e7806156de61f343928c227e32bbff44059e\"\u003e\u003ccode\u003e1225e78\u003c/code\u003e\u003c/a\u003e replace documentation links in README (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/369\"\u003e#369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...6.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 5.3.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/releases\"\u003elxml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elxml-6.1.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.4.0\u003c/h2\u003e\n\u003ch1\u003e5.4.0 (2025-04-22)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.\n(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)\nIssue found by Anatoly Katyushin, see \u003ca href=\"https://bugs.launchpad.net/lxml/+bug/2107279\"\u003ehttps://bugs.launchpad.net/lxml/+bug/2107279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elxml-5.3.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-5.3.1...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eventlet` from 0.39.0 to 0.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eventlet/eventlet/blob/master/NEWS\"\u003eeventlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.41.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to 3.14 for testing (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMore visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.4\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.3\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY] Fix request smuggling vulnerability by discarding trailers (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1062\"\u003e#1062\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.2\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix compatibility issues identified with Python 3.14 on Linux (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1058\"\u003e#1058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake database removal safer with IF EXISTS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1056\"\u003e#1056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrepare jobs and CI/CD for python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1055\"\u003e#1055\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.1\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] \u0026quot;Fix\u0026quot; fork() so it \u0026quot;works\u0026quot; on Python 3.13, and \u0026quot;works\u0026quot; better on older Python versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1047\"\u003e#1047\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eBehavior change: threads created by eventlet.green.threading.Thread and threading.Thead will be visible across both modules if monkey patching was used. Previously each module would only list threads created in that module.\u003c/li\u003e\n\u003cli\u003eBug fix: after fork(), greenlet threads are correctly listed in threading.enumerate() if monkey patching was used. You should not use fork()-without-execve().\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[fix] Fix patching of removed URLopener class in Python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] ReferenceError except while count rlock (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.utcfromtimestamp (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1050\"\u003e#1050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix][env] Remove duplicate steps (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.datetime.utcnow (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Fix ssl test when linking against openssl 3.5 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1034\"\u003e#1034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support Python 3.8 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1021\"\u003e#1021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[doc] Various doc updates (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/981\"\u003e#981\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1033\"\u003e#1033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[env] Drop PyPy support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1035\"\u003e#1035\u003c/a\u003e \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1037\"\u003e#1037\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.39.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/5ec4b6dcd2e5bb41c63743bd59dedbce4a9c5381\"\u003e\u003ccode\u003e5ec4b6d\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.41.0 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/6de7dbbd71585e34ccbec99d220606febb286bb8\"\u003e\u003ccode\u003e6de7dbb\u003c/code\u003e\u003c/a\u003e Switch to 3.14 for testing, fix problems found along the way. (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1ea81d9fbf12ce62a818ff9125ca14593c5506a7\"\u003e\u003ccode\u003e1ea81d9\u003c/code\u003e\u003c/a\u003e Drop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/62662af7002b531bed608c7dd73d81943ff638c9\"\u003e\u003ccode\u003e62662af\u003c/code\u003e\u003c/a\u003e More visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/f3254a1b401714f6dfdffa5045d25a4d36c76c06\"\u003e\u003ccode\u003ef3254a1\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.40.4 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/8cb20296f3455a1836cdbcbf1d3545666ee7f867\"\u003e\u003ccode\u003e8cb2029\u003c/code\u003e\u003c/a\u003e Remove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/220f82d843c0a57c267e77f0cc437e0b43be1cca\"\u003e\u003ccode\u003e220f82d\u003c/code\u003e\u003c/a\u003e add 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/01a3da5f9b552c7d58eb6de829d33f522d4b04cf\"\u003e\u003ccode\u003e01a3da5\u003c/code\u003e\u003c/a\u003e Emit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1b2b959da1257dccd23956fda43d03dc6a28ca16\"\u003e\u003ccode\u003e1b2b959\u003c/code\u003e\u003c/a\u003e Fix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/d8bf4659cd8b178949cc2b1485b337d46bae6532\"\u003e\u003ccode\u003ed8bf465\u003c/code\u003e\u003c/a\u003e Workaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eventlet/eventlet/compare/0.39.0...0.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `setuptools` from 58.5.3 to 78.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/setuptools/blob/main/NEWS.rst\"\u003esetuptools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev78.1.1\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMore fully sanitized the filename in PackageIndex._download. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4946\"\u003e#4946\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.1.0\u003c/h1\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore access to _get_vc_env with a warning. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4874\"\u003e#4874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.2\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePostponed removals of deprecated dash-separated and uppercase fields in \u003ccode\u003esetup.cfg\u003c/code\u003e.\nAll packages with deprecated configurations are advised to move before 2026. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.1\u003c/h1\u003e\n\u003ch2\u003eMisc\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4909\"\u003e#4909\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.0\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverted distutils changes that broke the monkey patching of command classes. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4902\"\u003e#4902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSetuptools no longer accepts options containing uppercase or dash characters in \u003ccode\u003esetup.cfg\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df\"\u003e\u003ccode\u003e8e4868a\u003c/code\u003e\u003c/a\u003e Bump version: 78.1.0 → 78.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09\"\u003e\u003ccode\u003e100e9a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4951\"\u003e#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f\"\u003e\u003ccode\u003e8faf1d7\u003c/code\u003e\u003c/a\u003e Add news fragment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7\"\u003e\u003ccode\u003e2ca4a9f\u003c/code\u003e\u003c/a\u003e Rely on re.sub to perform the decision in one expression.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c\"\u003e\u003ccode\u003ee409e80\u003c/code\u003e\u003c/a\u003e Extract _sanitize method for sanitizing the filename.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b\"\u003e\u003ccode\u003e250a6d1\u003c/code\u003e\u003c/a\u003e Add a check to ensure the name resolves relative to the tmpdir.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a\"\u003e\u003ccode\u003ed8390fe\u003c/code\u003e\u003c/a\u003e Extract _resolve_download_filename with test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba\"\u003e\u003ccode\u003e4e1e893\u003c/code\u003e\u003c/a\u003e Merge \u003ca href=\"https://github.com/jaraco/skeleton\"\u003ehttps://github.com/jaraco/skeleton\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a\"\u003e\u003ccode\u003e3a3144f\u003c/code\u003e\u003c/a\u003e Fix typo: \u003ccode\u003epyproject.license\u003c/code\u003e -\u0026gt; \u003ccode\u003eproject.license\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f\"\u003e\u003ccode\u003ed751068\u003c/code\u003e\u003c/a\u003e Fix typo: pyproject.license -\u0026gt; project.license\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/setuptools/compare/v58.5.3...v78.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.45.0 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point. The \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to \u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's imported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description field\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.47.0 (2026-04-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ewheel info\u003c/code\u003e subcommand to display metadata about wheel files without\nunpacking them (\u003ccode\u003e[#639](https://github.com/pypa/wheel/issues/639) \u0026lt;https://github.com/pypa/wheel/issues/639\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eWheelFile\u003c/code\u003e raising \u003ccode\u003eMissing RECORD file\u003c/code\u003e when the wheel filename contains\nuppercase characters (e.g. \u003ccode\u003eDjango-3.2.5.whl\u003c/code\u003e) but the \u003ccode\u003e.dist-info\u003c/code\u003e directory\ninside uses normalized lowercase naming\n(\u003ccode\u003e[#411](https://github.com/pypa/wheel/issues/411) \u0026lt;https://github.com/pypa/wheel/issues/411\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description\nfield\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.1 (2024-11-23)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in\nthe file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b\"\u003e\u003ccode\u003eeba4036\u003c/code\u003e\u003c/a\u003e Updated the version number for v0.46.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf\"\u003e\u003ccode\u003e557fb54\u003c/code\u003e\u003c/a\u003e Created a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef\"\u003e\u003ccode\u003e7a7d2de\u003c/code\u003e\u003c/a\u003e Fixed security issue around wheel unpack (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66\"\u003e\u003ccode\u003e41418fa\u003c/code\u003e\u003c/a\u003e Fixed test failures due to metadata normalization changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14\"\u003e\u003ccode\u003ec1d442b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d\"\u003e\u003ccode\u003e0bac882\u003c/code\u003e\u003c/a\u003e Update github actions environments (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63\"\u003e\u003ccode\u003ebe9f45b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3\"\u003e\u003ccode\u003e6244f08\u003c/code\u003e\u003c/a\u003e Update pre-commit ruff legacy alias (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f\"\u003e\u003ccode\u003e15b7577\u003c/code\u003e\u003c/a\u003e PEP 639 compliance (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f\"\u003e\u003ccode\u003efc8cb41\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Removed redundant Python version from the publish workflow (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/666\"\u003e#666\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/wheel/compare/0.45.0...0.46.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymongo` from 4.3.3 to 4.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/releases\"\u003epymongo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePyMongo 4.6.3\u003c/h2\u003e\n\u003cp\u003eCommunity notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.2\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.5.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0b0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst\"\u003epymongo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in Version 4.6.3 (2024/03/27)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.3 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a potential memory access violation when decoding invalid bson.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.3 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.3 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.2 (2024/02/21)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.2 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug appearing in Python 3.12 where \u0026quot;RuntimeError: can't create new thread at interpreter shutdown\u0026quot;\ncould be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.2 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.2 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.1 (2023/11/29)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.1 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003e errors re-raise exception when 0 or NoneType error code is provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.1 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.1 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.0 (2023/11/01)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6 brings a number of improvements including:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/8da192f9ca2d4f6464897b22b3029c227043f0cb\"\u003e\u003ccode\u003e8da192f\u003c/code\u003e\u003c/a\u003e BUMP 4.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2\"\u003e\u003ccode\u003e56b6b6d\u003c/code\u003e\u003c/a\u003e PYTHON-4305 Fix bson size check (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1564\"\u003e#1564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/449d0f316cbcdea59d8b69b5e4fc34ac07949dc6\"\u003e\u003ccode\u003e449d0f3\u003c/code\u003e\u003c/a\u003e BUMP to 4.6.3.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/e04576de22c06a4609b16db0f6e10e86ad5c8dad\"\u003e\u003ccode\u003ee04576d\u003c/code\u003e\u003c/a\u003e DEVPROD-3871 Use teardown_task when there is one function/command (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/cf1c6a11f76861fd6150b0df79a7ed70f2b2fea5\"\u003e\u003ccode\u003ecf1c6a1\u003c/code\u003e\u003c/a\u003e PYTHON-4219 Prep for 4.6.2 Release (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1530\"\u003e#1530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/d29b2b7cf405901a801591e475574b63aa81ac5c\"\u003e\u003ccode\u003ed29b2b7\u003c/code\u003e\u003c/a\u003e PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/0477b9bc0c59de311fbb6d6a157b97a4af8d0a23\"\u003e\u003ccode\u003e0477b9b\u003c/code\u003e\u003c/a\u003e PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/ecad17d24e8aafa374ab5fd194ce79b6861efcad\"\u003e\u003ccode\u003eecad17d\u003c/code\u003e\u003c/a\u003e BUMP 4.6.2.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/485e0a5e56f2d524b5cbc31538a0c455e3ddd858\"\u003e\u003ccode\u003e485e0a5\u003c/code\u003e\u003c/a\u003e BUMP 4.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/995365c7128c3107b4f9ce1524220378176a3a96\"\u003e\u003ccode\u003e995365c\u003c/code\u003e\u003c/a\u003e PYTHON-4038 [v4.6]: Ensure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003es re-raise except...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mongodb/mongo-python-driver/compare/4.3.3...4.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `poetry` from 2.0.0 to 2.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/releases\"\u003epoetry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Windows Server (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/911\"\u003e#911\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md\"\u003epoetry's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.3.4] - 2026-04-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.3] - 2026-03-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.2] - 2026-02-01\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/7c7af71ba206dadd2ff7eda19b9a4c90c4349754\"\u003e\u003ccode\u003e7c7af71\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e512e7fc5557251c7c9c59d0029506e77db1ea18\"\u003e\u003ccode\u003ee512e7f\u003c/code\u003e\u003c/a\u003e fix: refuse to write files outside the target directory during sdist extracti...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/506c09db69a127f6fc2c54958d4f5fdc0ea378cc\"\u003e\u003ccode\u003e506c09d\u003c/code\u003e\u003c/a\u003e perf: use \u003ccode\u003eos.path.abspath()\u003c/code\u003e instead of \u003ccode\u003ePath.resolve()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10821\"\u003e#10821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/3d0151ac03b5286e557ed1518b815ad225d52cb0\"\u003e\u003ccode\u003e3d0151a\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/89f09aad49ed7e6223ea2b8ebdf941e87bb5d5c6\"\u003e\u003ccode\u003e89f09aa\u003c/code\u003e\u003c/a\u003e fix long path issue on Windows (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10794\"\u003e#10794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e068177d1bfef65de4c55cf71c36de27057f10e7\"\u003e\u003ccode\u003ee068177\u003c/code\u003e\u003c/a\u003e installer: fix path traversal (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10792\"\u003e#10792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d76a2f67641ef1499065bdc8a0246448cbcf781c\"\u003e\u003ccode\u003ed76a2f6\u003c/code\u003e\u003c/a\u003e chore: require new poetry-core version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10790\"\u003e#10790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/859d4439f2caf147010330beae1ad61274f009d4\"\u003e\u003ccode\u003e859d443\u003c/code\u003e\u003c/a\u003e Update init \u0026amp; new commands for PEP 639 (License) (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10787\"\u003e#10787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/2ff2845af03539c98d2279b46074c908594427c4\"\u003e\u003ccode\u003e2ff2845\u003c/code\u003e\u003c/a\u003e fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/286e43bba52ba60205e1e5c9a401019b45226bbe\"\u003e\u003ccode\u003e286e43b\u003c/code\u003e\u003c/a\u003e env: improve error handling if \u003ccode\u003e.venv\u003c/code\u003e is not a directory but a file (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/poetry/compare/2.0.0...2.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `twisted` from 24.3.0 to 26.4.0rc2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/releases\"\u003etwisted's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eTwisted 26.4.0rc2 (2026-04-29)\u003c/h1\u003e\n\u003cp\u003eThis is the last release with support for Python 3.9.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression.\nReported and fixed by Tomas Illuminati Balbin CVE-2026-42304 (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12626\"\u003e#12626\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.endpoints.serverFromString now supports the \u003ccode\u003etls\u003c/code\u003e endpoint\ntype, which allows you to do \u003ccode\u003etwist web\r --listen=tls:.../certbot-dir/config/live\u003c/code\u003e pointed at a certbot live\nconfiguration directory and have your certbot certificates automatically\ndiscovered and served appropriately. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9885\"\u003e#9885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.reactor\u003c/code\u003e now has type annotations and will appear to be an object of an appropriate type, allowing for idiomatic common usages with correct type information. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9909\"\u003e#9909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.conch.ssh.SSHUserAuthServer now supports the security key ssh types \u0026quot;\u003ca href=\"mailto:sk-ecdsa-sha2-nistp256@openssh.com\"\u003esk-ecdsa-sha2-nistp256@openssh.com\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"mailto:sk-ssh-ed25519@openssh.com\"\u003esk-ssh-ed25519@openssh.com\u003c/a\u003e\u0026quot; and extracting the \u003ccode\u003eapplication\u003c/code\u003e property from these new key types. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12212\"\u003e#12212\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.mail will now return a meaningful Failure when TLS validation fails. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10210\"\u003e#10210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTLS version range constraints passed to twisted.internet.ssl.CertificateOptions are now properly respected rather than excluding the version being passed as the desired constraint. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10232\"\u003e#10232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA potential reference cycle that might cause intermittent memory spikes while\nusing twisted.internet.defer.inlineCallbacks was removed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12120\"\u003e#12120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrial no longer emits the error \u003ccode\u003eRuntimeWarning: TestResult has no addDuration method\u003c/code\u003e when running PyUnit tests. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12229\"\u003e#12229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.python.rebuild.rebuild() now handles changes to \u003ccode\u003esys.modules\u003c/code\u003e gracefully. Prior to the change, it could possibly raise a \u0026quot;dictionary changed size during iteration\u0026quot; error if the module list changed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12458\"\u003e#12458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.protocol.ReconnectingClientFactory: Don't multiply by \u003ccode\u003efactor\u003c/code\u003e for initial delay, but use \u003ccode\u003einitialDelay\u003c/code\u003e directly. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12478\"\u003e#12478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.ssl and twisted.protocols.tls no longer mutate the pyOpenSSL context after creating pyOpenSSL connections, maintaining compatibility with an upcoming version of pyOpenSSL and increasing reliability (possibly even fixing a very rare segfault) (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12500\"\u003e#12500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.testing.MemoryReactor.callWhenRunning\u003c/code\u003e now invokes the callback immediately, if already started. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12514\"\u003e#12514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTwisted now correctly detects EOF on OpenSSL 4. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12632\"\u003e#12632\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe example code from the documentation describing how to create a custom DNS server was updated to Python3. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eType annotations now use modern PEP 585 built-in generics and PEP 604 union syntax throughout the project. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12556\"\u003e#12556\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/blob/trunk/NEWS.rst\"\u003etwisted's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThis file contains the release notes for Twisted.\u003c/p\u003e\n\u003cp\u003eIt only contains high-level changes that are of interest to Twisted library users.\nUsers of Twisted should check the notes before planning an upgrade.\u003c/p\u003e\n\u003cp\u003eTicket numbers in this file can be looked up by visiting\n\u003ca href=\"https://twisted.org/trac/ticket/\"\u003ehttps://twisted.org/trac/ticket/\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003e.. towncrier release notes start\u003c/p\u003e\n\u003ch1\u003eTwis...\n\n_Description has been truncated_","html_url":"https://github.com/Jackblanket847/mongo/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jackblanket847%2Fmongo/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4449631361","node_id":"PR_kwDOKdDCc87bsy8f","number":24734,"state":"closed","title":"build(deps): bump the uv group across 2 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-14T22:02:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T22:02:22.000Z","updated_at":"2026-05-14T22:02:37.000Z","time_to_close":6,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":17,"packages":[{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"authlib","old_version":"1.6.10","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"anthropic","old_version":"0.86.0","new_version":"0.87.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-text-splitters","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"pypdf","old_version":"6.7.5","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"nltk","old_version":"3.9.3","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.1.1","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pytest","old_version":"8.3.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.12` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the uv group with 8 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.12` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n\n\nUpdates `python-multipart` from 0.0.22 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.10 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.86.0 to 0.87.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.87.0\u003c/h2\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/ab0c4460a170183ff036e2a3dad320ac4ac2c76d\"\u003e\u003ccode\u003eab0c446\u003c/code\u003e\u003c/a\u003e release: 0.87.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6\"\u003e\u003ccode\u003e6599043\u003c/code\u003e\u003c/a\u003e fix(memory): return resolved path from async _validate_path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255\"\u003e\u003ccode\u003e715030c\u003c/code\u003e\u003c/a\u003e fix(memory): use restrictive file mode for memory files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6cdbc5f37105e464704d911ef590b88c7e5ae427\"\u003e\u003ccode\u003e6cdbc5f\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4beda3cc966b49166387aa9275cec8f88b004154\"\u003e\u003ccode\u003e4beda3c\u003c/code\u003e\u003c/a\u003e Add output-300k-2026-03-24 beta header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b77b826ce402881bcb2a43092e758368fccc99a\"\u003e\u003ccode\u003e3b77b82\u003c/code\u003e\u003c/a\u003e chore(ci): run builds on CI even if only spec metadata changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/764ddbab9bcd6c4e076bf2618d4930e5b39cfb7c\"\u003e\u003ccode\u003e764ddba\u003c/code\u003e\u003c/a\u003e feat(internal): implement indices array format for query and form serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8a06a905bb89bf8126e552d951270fe90869bc1d\"\u003e\u003ccode\u003e8a06a90\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7f8cf3c4c0c7a601847538364f6eccf00e72a2c4\"\u003e\u003ccode\u003e7f8cf3c\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0eba0dd8f9590254b91eaadb79e44b792d56d85b\"\u003e\u003ccode\u003e0eba0dd\u003c/code\u003e\u003c/a\u003e chore(ci): skip lint on metadata-only changes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.1.1...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.7.5 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.3 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.3...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.1.1 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/open-webui/open-webui/pull/24734","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-webui%2Fopen-webui/issues/24734","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24734/packages"},{"uuid":"4394535477","node_id":"PR_kwDOKdDCc87Y7cG-","number":24422,"state":"closed","title":"Bump the uv group across 2 directories with 23 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-05-06T21:24:02.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T21:23:56.000Z","updated_at":"2026-05-06T21:24:12.000Z","time_to_close":6,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":23,"packages":[{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"authlib","old_version":"1.6.10","new_version":"1.6.11","repository_url":"https://github.com/authlib/authlib"},{"name":"anthropic","old_version":"0.86.0","new_version":"0.87.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-text-splitters","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"pypdf","old_version":"6.7.5","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"nltk","old_version":"3.9.3","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.1.1","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pytest","old_version":"8.3.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"flask","old_version":"3.1.0","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"langsmith","old_version":"0.4.5","new_version":"0.7.31","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"marshmallow","old_version":"3.25.1","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.11` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.5` | `0.7.31` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.25.1` | `3.26.2` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` |\n\nBumps the uv group with 8 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.11` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n\n\nUpdates `python-multipart` from 0.0.22 to 0.0.26\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d3a4698e0dc16cbd85f98076b2ebf9b696cd3604\"\u003e\u003ccode\u003ed3a4698\u003c/code\u003e\u003c/a\u003e Add MIME content type info to File (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a1ecbd074801fcd3911266f3f4442181d10ab92\"\u003e\u003ccode\u003e9a1ecbd\u003c/code\u003e\u003c/a\u003e Handle CTE values case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/ef2a0b94f95676ea6a7b77d2252b09f5797cb8ed\"\u003e\u003ccode\u003eef2a0b9\u003c/code\u003e\u003c/a\u003e Remove custom FormParser classes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3a757d7cf209e654eb17cf7b7af868eed469f680\"\u003e\u003ccode\u003e3a757d7\u003c/code\u003e\u003c/a\u003e Ignore local Claude state (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/55e739617db7c40e2cd04c5ad8c7acf2ed0a1d19\"\u003e\u003ccode\u003e55e7396\u003c/code\u003e\u003c/a\u003e fuzz: Add cifuzz (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d6d1d111e7de9ce3d3f8623fe5f5e4201c0a5fd1\"\u003e\u003ccode\u003ed6d1d11\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.26\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.10 to 1.6.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/v1.6.11/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.86.0 to 0.87.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.87.0\u003c/h2\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/ab0c4460a170183ff036e2a3dad320ac4ac2c76d\"\u003e\u003ccode\u003eab0c446\u003c/code\u003e\u003c/a\u003e release: 0.87.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6\"\u003e\u003ccode\u003e6599043\u003c/code\u003e\u003c/a\u003e fix(memory): return resolved path from async _validate_path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255\"\u003e\u003ccode\u003e715030c\u003c/code\u003e\u003c/a\u003e fix(memory): use restrictive file mode for memory files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6cdbc5f37105e464704d911ef590b88c7e5ae427\"\u003e\u003ccode\u003e6cdbc5f\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4beda3cc966b49166387aa9275cec8f88b004154\"\u003e\u003ccode\u003e4beda3c\u003c/code\u003e\u003c/a\u003e Add output-300k-2026-03-24 beta header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b77b826ce402881bcb2a43092e758368fccc99a\"\u003e\u003ccode\u003e3b77b82\u003c/code\u003e\u003c/a\u003e chore(ci): run builds on CI even if only spec metadata changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/764ddbab9bcd6c4e076bf2618d4930e5b39cfb7c\"\u003e\u003ccode\u003e764ddba\u003c/code\u003e\u003c/a\u003e feat(internal): implement indices array format for query and form serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8a06a905bb89bf8126e552d951270fe90869bc1d\"\u003e\u003ccode\u003e8a06a90\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7f8cf3c4c0c7a601847538364f6eccf00e72a2c4\"\u003e\u003ccode\u003e7f8cf3c\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0eba0dd8f9590254b91eaadb79e44b792d56d85b\"\u003e\u003ccode\u003e0eba0dd\u003c/code\u003e\u003c/a\u003e chore(ci): skip lint on metadata-only changes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.1.1...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.7.5 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.3 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.3...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.1.1 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.0 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eecdsa 0.19.1\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implicit\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decodi...\n\n_Description has been truncated_","html_url":"https://github.com/open-webui/open-webui/pull/24422","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-webui%2Fopen-webui/issues/24422","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24422/packages"},{"uuid":"4380044463","node_id":"PR_kwDOKdDCc87YL-T1","number":24366,"state":"closed","title":"Bump the uv group across 2 directories with 24 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-04T22:17:03.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-04T22:16:58.000Z","updated_at":"2026-05-04T22:17:12.000Z","time_to_close":5,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":24,"packages":[{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"authlib","old_version":"1.6.10","new_version":"1.6.11","repository_url":"https://github.com/authlib/authlib"},{"name":"anthropic","old_version":"0.86.0","new_version":"0.87.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-text-splitters","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"pypdf","old_version":"6.7.5","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"nltk","old_version":"3.9.3","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.1.1","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pytest","old_version":"8.3.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"flask","old_version":"3.1.0","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"langsmith","old_version":"0.4.5","new_version":"0.7.31","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"marshmallow","old_version":"3.25.1","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"torch","old_version":"2.5.1","new_version":"2.8.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.11` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.5` | `0.7.31` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.25.1` | `3.26.2` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.8.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` |\n\nBumps the uv group with 8 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.11` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n\n\nUpdates `python-multipart` from 0.0.22 to 0.0.26\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d3a4698e0dc16cbd85f98076b2ebf9b696cd3604\"\u003e\u003ccode\u003ed3a4698\u003c/code\u003e\u003c/a\u003e Add MIME content type info to File (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a1ecbd074801fcd3911266f3f4442181d10ab92\"\u003e\u003ccode\u003e9a1ecbd\u003c/code\u003e\u003c/a\u003e Handle CTE values case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/ef2a0b94f95676ea6a7b77d2252b09f5797cb8ed\"\u003e\u003ccode\u003eef2a0b9\u003c/code\u003e\u003c/a\u003e Remove custom FormParser classes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3a757d7cf209e654eb17cf7b7af868eed469f680\"\u003e\u003ccode\u003e3a757d7\u003c/code\u003e\u003c/a\u003e Ignore local Claude state (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/55e739617db7c40e2cd04c5ad8c7acf2ed0a1d19\"\u003e\u003ccode\u003e55e7396\u003c/code\u003e\u003c/a\u003e fuzz: Add cifuzz (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d6d1d111e7de9ce3d3f8623fe5f5e4201c0a5fd1\"\u003e\u003ccode\u003ed6d1d11\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.26\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.10 to 1.6.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/v1.6.11/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.86.0 to 0.87.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.87.0\u003c/h2\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/ab0c4460a170183ff036e2a3dad320ac4ac2c76d\"\u003e\u003ccode\u003eab0c446\u003c/code\u003e\u003c/a\u003e release: 0.87.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6\"\u003e\u003ccode\u003e6599043\u003c/code\u003e\u003c/a\u003e fix(memory): return resolved path from async _validate_path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255\"\u003e\u003ccode\u003e715030c\u003c/code\u003e\u003c/a\u003e fix(memory): use restrictive file mode for memory files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6cdbc5f37105e464704d911ef590b88c7e5ae427\"\u003e\u003ccode\u003e6cdbc5f\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4beda3cc966b49166387aa9275cec8f88b004154\"\u003e\u003ccode\u003e4beda3c\u003c/code\u003e\u003c/a\u003e Add output-300k-2026-03-24 beta header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b77b826ce402881bcb2a43092e758368fccc99a\"\u003e\u003ccode\u003e3b77b82\u003c/code\u003e\u003c/a\u003e chore(ci): run builds on CI even if only spec metadata changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/764ddbab9bcd6c4e076bf2618d4930e5b39cfb7c\"\u003e\u003ccode\u003e764ddba\u003c/code\u003e\u003c/a\u003e feat(internal): implement indices array format for query and form serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8a06a905bb89bf8126e552d951270fe90869bc1d\"\u003e\u003ccode\u003e8a06a90\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7f8cf3c4c0c7a601847538364f6eccf00e72a2c4\"\u003e\u003ccode\u003e7f8cf3c\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0eba0dd8f9590254b91eaadb79e44b792d56d85b\"\u003e\u003ccode\u003e0eba0dd\u003c/code\u003e\u003c/a\u003e chore(ci): skip lint on metadata-only changes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.1.1...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.7.5 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.3 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.3...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.1.1 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.0 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eecdsa 0.19.1\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.re...\n\n_Description has been truncated_","html_url":"https://github.com/open-webui/open-webui/pull/24366","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-webui%2Fopen-webui/issues/24366","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24366/packages"},{"uuid":"4333145766","node_id":"PR_kwDOQguR2c7V04_h","number":11,"state":"closed","title":"chore(deps): bump the python-minor-patch group across 1 directory with 43 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-11T04:47:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-27T04:45:26.000Z","updated_at":"2026-05-11T04:47:55.000Z","time_to_close":1209748,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":43,"packages":[{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.1.4","new_version":"2026.4.22","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.3.3","repository_url":"https://github.com/pallets/click"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"fastapi","old_version":"0.128.0","new_version":"0.136.1","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fsspec","old_version":"2026.1.0","new_version":"2026.4.0","repository_url":"https://github.com/fsspec/filesystem_spec"},{"name":"idna","old_version":"3.11","new_version":"3.13","repository_url":"https://github.com/kjd/idna"},{"name":"jinja2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"jiter","old_version":"0.12.0","new_version":"0.14.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mmh3","old_version":"5.2.0","new_version":"5.2.1","repository_url":"https://github.com/hajimes/mmh3"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"openai","old_version":"2.16.0","new_version":"2.33.0","repository_url":"https://github.com/openai/openai-python"},{"name":"packaging","old_version":"26.0","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"postgrest","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"psycopg-binary","old_version":"3.3.2","new_version":"3.3.4","repository_url":"https://github.com/psycopg/psycopg"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.3","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.12.0","new_version":"2.14.0","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.46.3","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"pyiceberg","old_version":"0.10.0","new_version":"0.11.1","repository_url":"https://github.com/apache/iceberg-python"},{"name":"pyjwt","old_version":"2.10.1","new_version":"2.12.1","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pypdfium2","old_version":"5.3.0","new_version":"5.7.1","repository_url":"https://github.com/pypdfium2-team/pypdfium2"},{"name":"pyroaring","old_version":"1.0.3","new_version":"1.1.0","repository_url":"https://github.com/Ezibenroc/PyRoaringBitMap"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"realtime","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"regex","old_version":"2026.1.15","new_version":"2026.4.4","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"reportlab","old_version":"4.4.9","new_version":"4.5.0"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"storage3","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-auth","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-functions","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"tenacity","old_version":"9.1.2","new_version":"9.1.4","repository_url":"https://github.com/jd/tenacity"},{"name":"textblob","old_version":"0.19.0","new_version":"0.20.0","repository_url":"https://github.com/sloria/TextBlob"},{"name":"tqdm","old_version":"4.67.1","new_version":"4.67.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"uvicorn","old_version":"0.40.0","new_version":"0.46.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"yarl","old_version":"1.22.0","new_version":"1.23.0","repository_url":"https://github.com/aio-libs/yarl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 43 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.4.22` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.136.1` |\n| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.1.0` | `2026.4.0` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.13` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` |\n| [jiter](https://github.com/pydantic/jiter) | `0.12.0` | `0.14.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.1.0` |\n| [mmh3](https://github.com/hajimes/mmh3) | `5.2.0` | `5.2.1` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [openai](https://github.com/openai/openai-python) | `2.16.0` | `2.33.0` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [postgrest](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [psycopg-binary](https://github.com/psycopg/psycopg) | `3.3.2` | `3.3.4` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.3` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.14.0` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.46.3` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [pyiceberg](https://github.com/apache/iceberg-python) | `0.10.0` | `0.11.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.12.1` |\n| [pypdfium2](https://github.com/pypdfium2-team/pypdfium2) | `5.3.0` | `5.7.1` |\n| [pyroaring](https://github.com/Ezibenroc/PyRoaringBitMap) | `1.0.3` | `1.1.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [realtime](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.1.15` | `2026.4.4` |\n| [reportlab](https://www.reportlab.com/) | `4.4.9` | `4.5.0` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [storage3](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase-auth](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase-functions](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |\n| [textblob](https://github.com/sloria/TextBlob) | `0.19.0` | `0.20.0` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.67.1` | `4.67.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.46.0` |\n| [yarl](https://github.com/aio-libs/yarl) | `1.22.0` | `1.23.0` |\n\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.1.4 to 2026.4.22\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/5dddfb072243da27adde885b73ba9b809c3224ca\"\u003e\u003ccode\u003e5dddfb0\u003c/code\u003e\u003c/a\u003e 2026.04.22 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/f99eccdaf87f7c10e521a58a700ca3eb94a0787e\"\u003e\u003ccode\u003ef99eccd\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/918bed055f7291719512af186c1c24710f845660\"\u003e\u003ccode\u003e918bed0\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/405\"\u003e#405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/0a49067eb434e53e1f8df5f7707d5dc05ef9def4\"\u003e\u003ccode\u003e0a49067\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/acf6ce8e39e3b125f4349e11904295e4fe4c1bed\"\u003e\u003ccode\u003eacf6ce8\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/398\"\u003e#398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/feb0ed26163a9417ea0fb8eb52d47e79fcf202ab\"\u003e\u003ccode\u003efeb0ed2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/397\"\u003e#397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d9c11a50369cc377abb40f7909ded3d6da4d98a3\"\u003e\u003ccode\u003ed9c11a5\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/396\"\u003e#396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/8571a4ba5205675107f9026d0008ad2d7a2778bf\"\u003e\u003ccode\u003e8571a4b\u003c/code\u003e\u003c/a\u003e 2026.02.25 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/6f7de00579d292af565bbb8a947643219794eb6d\"\u003e\u003ccode\u003e6f7de00\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/a1de59b15105cad768afed4f066b36171134f04a\"\u003e\u003ccode\u003ea1de59b\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.01.04...2026.04.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `charset-normalizer` from 3.4.4 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/releases\"\u003echarset-normalizer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.4.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\u003cbr /\u003e\nmypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/714\"\u003ejawah/charset_normalizer#714\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md\"\u003echarset-normalizer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/0f07891bf516b5d5231f1bd4dd2d8da7d4d09a9a\"\u003e\u003ccode\u003e0f07891\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/729\"\u003e#729\u003c/a\u003e from jawah/release-3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/fdbeb299479e8f4d737e4d227cd0b2bd5d273dc0\"\u003e\u003ccode\u003efdbeb29\u003c/code\u003e\u003c/a\u003e chore: update dev, and ci requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b66f922bfbdbdd9dd46af18a8964d4fb888756d4\"\u003e\u003ccode\u003eb66f922\u003c/code\u003e\u003c/a\u003e chore: add ft classifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/f94249d0a2c712f2d03124f4de6b77f5e03aaa96\"\u003e\u003ccode\u003ef94249d\u003c/code\u003e\u003c/a\u003e chore: add test cases for utf_7 recent fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/95c866f6c984bbd043e7e3ed0628aa4f3f8d5a26\"\u003e\u003ccode\u003e95c866f\u003c/code\u003e\u003c/a\u003e chore: bump version to 3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/4f429bb764c7e893f99bb4bceb60856da1baacfb\"\u003e\u003ccode\u003e4f429bb\u003c/code\u003e\u003c/a\u003e chore: bump mypy pre-commit to v1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b579cd6cab9bd83aa3fc0ca169d4df022bf4888c\"\u003e\u003ccode\u003eb579cd6\u003c/code\u003e\u003c/a\u003e fix: correctly remove SIG remnant in utf-7 decoded string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/58bf944a77cc0883fc46a6ee8edac3549fea5d59\"\u003e\u003ccode\u003e58bf944\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump github/codeql-action from 4.32.4 to 4.35.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/44cf8a1b676a2532a8f1694e62e4f4f98f9132e1\"\u003e\u003ccode\u003e44cf8a1\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/362bc20073f737b1ba4ca2f68cffb0c4cc024d20\"\u003e\u003ccode\u003e362bc20\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.3\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.3/\"\u003ehttps://pypi.org/project/click/8.3.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-3\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse :func:\u003ccode\u003eshlex.split\u003c/code\u003e to split pager and editor commands into \u003ccode\u003eargv\u003c/code\u003e\nlists for :class:\u003ccode\u003esubprocess.Popen\u003c/code\u003e, removing \u003ccode\u003eshell=True\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/1026\"\u003e#1026\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/1477\"\u003e#1477\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2775\"\u003e#2775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eTypeError\u003c/code\u003e when rendering help for an option whose default value is\nan object that doesn't support equality comparison with strings, such as\n\u003ccode\u003esemver.Version\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3298\"\u003e#3298\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3299\"\u003e#3299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix pager test pollution under parallel execution by using pytest's\n\u003ccode\u003etmp_path\u003c/code\u003e fixture instead of a shared temporary file path. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3238\"\u003e#3238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values in a \u003ccode\u003edefault_map\u003c/code\u003e as absent, so they fall\nthrough to the next default source instead of being used as the value.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3240\"\u003e#3240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003epdb.Pdb\u003c/code\u003e in \u003ccode\u003eCliRunner\u003c/code\u003e isolation so \u003ccode\u003epdb.set_trace()\u003c/code\u003e,\n\u003ccode\u003ebreakpoint()\u003c/code\u003e, and debuggers subclassing \u003ccode\u003epdb.Pdb\u003c/code\u003e (ipdb, pdbpp) can\ninteract with the real terminal instead of the captured I/O streams.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/654\"\u003e#654\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/843\"\u003e#843\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/951\"\u003e#951\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3235\"\u003e#3235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional randomized parallel test execution using \u003ccode\u003epytest-randomly\u003c/code\u003e and\n\u003ccode\u003epytest-xdist\u003c/code\u003e to detect test pollution and race conditions. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3151\"\u003e#3151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd contributor documentation for running stress tests, randomized\nparallel tests, and Flask smoke tests. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3151\"\u003e#3151\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3177\"\u003e#3177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow custom \u003ccode\u003eshow_default\u003c/code\u003e string in prompts, matching the existing\nhelp text behavior. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2836\"\u003e#2836\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2837\"\u003e#2837\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3165\"\u003e#3165\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3262\"\u003e#3262\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3280\"\u003e#3280\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3328\"\u003e#3328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003edefault=True\u003c/code\u003e with boolean \u003ccode\u003eflag_value\u003c/code\u003e always returning the\n\u003ccode\u003eflag_value\u003c/code\u003e instead of \u003ccode\u003eTrue\u003c/code\u003e. The \u003ccode\u003edefault=True\u003c/code\u003e to \u003ccode\u003eflag_value\u003c/code\u003e\nsubstitution now only applies to non-boolean flags, where \u003ccode\u003eTrue\u003c/code\u003e acts as a\nsentinel meaning \u0026quot;activate this flag by default\u0026quot;. For boolean flags,\n\u003ccode\u003edefault=True\u003c/code\u003e is returned as a literal value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3111\"\u003e#3111\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3239\"\u003e#3239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark \u003ccode\u003emake_default_short_help\u003c/code\u003e as private API. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3189\"\u003e#3189\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3250\"\u003e#3250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCliRunner\u003c/code\u003e's redirected streams now expose the original file descriptor\nvia \u003ccode\u003efileno()\u003c/code\u003e, so that \u003ccode\u003efaulthandler\u003c/code\u003e, \u003ccode\u003esubprocess\u003c/code\u003e, and other\nC-level consumers no longer crash with \u003ccode\u003eio.UnsupportedOperation\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/2865\"\u003e#2865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange :class:\u003ccode\u003eParameterSource\u003c/code\u003e to an :class:\u003ccode\u003e~enum.IntEnum\u003c/code\u003e and reorder\nits members from most to least explicit, so values can be compared to\ncheck whether a parameter was explicitly provided. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2879\"\u003e#2879\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3248\"\u003e#3248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-20\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse :func:\u003ccode\u003eshlex.split\u003c/code\u003e to split pager and editor commands into \u003ccode\u003eargv\u003c/code\u003e\nlists for :class:\u003ccode\u003esubprocess.Popen\u003c/code\u003e, removing \u003ccode\u003eshell=True\u003c/code\u003e.\n:issue:\u003ccode\u003e1026\u003c/code\u003e :pr:\u003ccode\u003e1477\u003c/code\u003e :pr:\u003ccode\u003e2775\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eTypeError\u003c/code\u003e when rendering help for an option whose default value is\nan object that doesn't support equality comparison with strings, such as\n\u003ccode\u003esemver.Version\u003c/code\u003e. :issue:\u003ccode\u003e3298\u003c/code\u003e :pr:\u003ccode\u003e3299\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix pager test pollution under parallel execution by using pytest's\n\u003ccode\u003etmp_path\u003c/code\u003e fixture instead of a shared temporary file path. :pr:\u003ccode\u003e3238\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values in a \u003ccode\u003edefault_map\u003c/code\u003e as absent, so they fall\nthrough to the next default source instead of being used as the value.\n:issue:\u003ccode\u003e3224\u003c/code\u003e :pr:\u003ccode\u003e3240\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003epdb.Pdb\u003c/code\u003e in \u003ccode\u003eCliRunner\u003c/code\u003e isolation so \u003ccode\u003epdb.set_trace()\u003c/code\u003e,\n\u003ccode\u003ebreakpoint()\u003c/code\u003e, and debuggers subclassing \u003ccode\u003epdb.Pdb\u003c/code\u003e (ipdb, pdbpp) can\ninteract with the real terminal instead of the captured I/O streams.\n:issue:\u003ccode\u003e654\u003c/code\u003e :issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e843\u003c/code\u003e :pr:\u003ccode\u003e951\u003c/code\u003e :pr:\u003ccode\u003e3235\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional randomized parallel test execution using \u003ccode\u003epytest-randomly\u003c/code\u003e and\n\u003ccode\u003epytest-xdist\u003c/code\u003e to detect test pollution and race conditions. :pr:\u003ccode\u003e3151\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd contributor documentation for running stress tests, randomized\nparallel tests, and Flask smoke tests. :pr:\u003ccode\u003e3151\u003c/code\u003e :pr:\u003ccode\u003e3177\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShow custom \u003ccode\u003eshow_default\u003c/code\u003e string in prompts, matching the existing\nhelp text behavior. :issue:\u003ccode\u003e2836\u003c/code\u003e :pr:\u003ccode\u003e2837\u003c/code\u003e :pr:\u003ccode\u003e3165\u003c/code\u003e :pr:\u003ccode\u003e3262\u003c/code\u003e :pr:\u003ccode\u003e3280\u003c/code\u003e\n:pr:\u003ccode\u003e3328\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003edefault=True\u003c/code\u003e with boolean \u003ccode\u003eflag_value\u003c/code\u003e always returning the\n\u003ccode\u003eflag_value\u003c/code\u003e instead of \u003ccode\u003eTrue\u003c/code\u003e. The \u003ccode\u003edefault=True\u003c/code\u003e to \u003ccode\u003eflag_value\u003c/code\u003e\nsubstitution now only applies to non-boolean flags, where \u003ccode\u003eTrue\u003c/code\u003e acts as a\nsentinel meaning \u0026quot;activate this flag by default\u0026quot;. For boolean flags,\n\u003ccode\u003edefault=True\u003c/code\u003e is returned as a literal value. :issue:\u003ccode\u003e3111\u003c/code\u003e :pr:\u003ccode\u003e3239\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark \u003ccode\u003emake_default_short_help\u003c/code\u003e as private API. :issue:\u003ccode\u003e3189\u003c/code\u003e :pr:\u003ccode\u003e3250\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCliRunner\u003c/code\u003e's redirected streams now expose the original file descriptor\nvia \u003ccode\u003efileno()\u003c/code\u003e, so that \u003ccode\u003efaulthandler\u003c/code\u003e, \u003ccode\u003esubprocess\u003c/code\u003e, and other\nC-level consumers no longer crash with \u003ccode\u003eio.UnsupportedOperation\u003c/code\u003e.\n:issue:\u003ccode\u003e2865\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange :class:\u003ccode\u003eParameterSource\u003c/code\u003e to an :class:\u003ccode\u003e~enum.IntEnum\u003c/code\u003e and reorder\nits members from most to least explicit, so values can be compared to\ncheck whether a parameter was explicitly provided. :issue:\u003ccode\u003e2879\u003c/code\u003e :pr:\u003ccode\u003e3248\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c06d2d0a6aee6bcc50bd8257be2a4a592f4e75d0\"\u003e\u003ccode\u003ec06d2d0\u003c/code\u003e\u003c/a\u003e Release 8.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/f1f191ecd2c790b161187c78e7c88440e9524e5c\"\u003e\u003ccode\u003ef1f191e\u003c/code\u003e\u003c/a\u003e Apply format guidelines to commits since latest 8.3.2 release (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3343\"\u003e#3343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/bb59ba0fd279ca085d1113f0499b6a602ca31081\"\u003e\u003ccode\u003ebb59ba0\u003c/code\u003e\u003c/a\u003e Apply format guidelines to commits since latest 8.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4a352253c9ff013e36d11e4a6820d36d00ff2cd4\"\u003e\u003ccode\u003e4a35225\u003c/code\u003e\u003c/a\u003e Reduce blast-radius of \u003ccode\u003eUNSET\u003c/code\u003e in \u003ccode\u003edefault_map\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3240\"\u003e#3240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c07bb936de43fd303f9cfbefe248ab23fd2199c8\"\u003e\u003ccode\u003ec07bb93\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' into unset-in-default-map\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c7e1ba8448cbcb2cdd9c1c7f4a592e863dcc3995\"\u003e\u003ccode\u003ec7e1ba8\u003c/code\u003e\u003c/a\u003e Reorder \u003ccode\u003eParameterSource\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3248\"\u003e#3248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/76552ff1e8c85837f911fc34037e702ae4327eda\"\u003e\u003ccode\u003e76552ff\u003c/code\u003e\u003c/a\u003e Show default string in prompt (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ac5cec5fe54e5a691e7bac17f441ce9498e0744c\"\u003e\u003ccode\u003eac5cec5\u003c/code\u003e\u003c/a\u003e Reorder ParameterSource from most to least explicit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/8c452e00e6772931b7071d9316b82b77e5b8f280\"\u003e\u003ccode\u003e8c452e0\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' into show-default-string-in-prompt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/8c95c73bd5ef89eac638f85f1904a104ba4b1a32\"\u003e\u003ccode\u003e8c95c73\u003c/code\u003e\u003c/a\u003e Reconcile default value passing and default activation (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3239\"\u003e#3239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.128.0 to 0.136.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.1\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Update Pydantic v2 code to address deprecations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15101\"\u003e#15101\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Tweak translation script. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15174\"\u003e#15174\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15408\"\u003e#15408\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15409\"\u003e#15409\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15407\"\u003e#15407\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15406\"\u003e#15406\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15405\"\u003e#15405\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mypy from 1.19.1 to 1.20.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15410\"\u003e#15410\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15400\"\u003e#15400\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump starlette from 0.52.1 to 1.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15397\"\u003e#15397\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygithub from 2.8.1 to 2.9.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15396\"\u003e#15396\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15393\"\u003e#15393\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump zizmor from 1.23.1 to 1.24.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15394\"\u003e#15394\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15395\"\u003e#15395\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15360\"\u003e#15360\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.9 to 1.6.11. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15373\"\u003e#15373\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15282\"\u003e#15282\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15263\"\u003e#15263\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15391\"\u003e#15391\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pillow from 12.1.1 to 12.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15333\"\u003e#15333\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest from 9.0.2 to 9.0.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15334\"\u003e#15334\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15374\"\u003e#15374\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15385\"\u003e#15385\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Zuplo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15369\"\u003e#15369\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Speakeasy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15368\"\u003e#15368\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15316\"\u003e#15316\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.0\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Support free-threaded Python 3.14t. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15149\"\u003e#15149\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.4\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15363\"\u003e#15363\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.5 to 46.0.7. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15314\"\u003e#15314\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15309\"\u003e#15309\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add pre-commit hook to ensure latest release header has date. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15293\"\u003e#15293\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/e54e5a8980ffa6d7ff68ee7b25a1c46036375521\"\u003e\u003ccode\u003ee54e5a8\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9a8a5fd99902c3b80d4cc94b85e120e2b808825f\"\u003e\u003ccode\u003e9a8a5fd\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7815a32f2ed177b8b786a48b3e0712c05b5c644f\"\u003e\u003ccode\u003e7815a32\u003c/code\u003e\u003c/a\u003e ⬆️ Update Pydantic v2 code to address deprecations (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15101\"\u003e#15101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ef1c927b0558d414e199a666833942a6fabb3a51\"\u003e\u003ccode\u003eef1c927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/38039e12a86e67f2001b9b7d96c219691d6cb4af\"\u003e\u003ccode\u003e38039e1\u003c/code\u003e\u003c/a\u003e 🔨 Tweak translation script (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15174\"\u003e#15174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4fa826ce0a3b16884a04f51e5aac95d01790b599\"\u003e\u003ccode\u003e4fa826c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c39415673e621665fdb7bbdde69beba7eb1dfd12\"\u003e\u003ccode\u003ec394156\u003c/code\u003e\u003c/a\u003e ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15408\"\u003e#15408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae230ad2f9d90a4e3f6222ff1a5d6e8da41ec0ad\"\u003e\u003ccode\u003eae230ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d9eb39d1a1bf2f6e6e5d3a55088f61c712cb864e\"\u003e\u003ccode\u003ed9eb39d\u003c/code\u003e\u003c/a\u003e ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15409\"\u003e#15409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4f8b5d14d324ae8e15cfae8d85adb4186d4c2175\"\u003e\u003ccode\u003e4f8b5d1\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.128.0...0.136.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fsspec` from 2026.1.0 to 2026.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8fdedd1fd17be354f75f0cec1f973d93416c704b\"\u003e\u003ccode\u003e8fdedd1\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8205d0d1afecb64f34565ebeb073b7f1959a869d\"\u003e\u003ccode\u003e8205d0d\u003c/code\u003e\u003c/a\u003e Release (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2027\"\u003e#2027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/50bfba22200077fa602038857e19d58cc2541db5\"\u003e\u003ccode\u003e50bfba2\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/f58bc851213ab3a87b2d26c01c9d26b291b0e1d3\"\u003e\u003ccode\u003ef58bc85\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/c6c7b40b7794c6e554d9dcae7bf4930bba67e403\"\u003e\u003ccode\u003ec6c7b40\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/3bc67f85c3b67c5adef11af35761fd839de306fb\"\u003e\u003ccode\u003e3bc67f8\u003c/code\u003e\u003c/a\u003e DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/0b290bf1336bb15d4327afcdf743d9a17b5ea762\"\u003e\u003ccode\u003e0b290bf\u003c/code\u003e\u003c/a\u003e docs: add URL handling note to HTTPFileSystem class docstring (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2024\"\u003e#2024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/b33a2d6c3b6912c645d9a315791f41e74bff4c66\"\u003e\u003ccode\u003eb33a2d6\u003c/code\u003e\u003c/a\u003e ci: install downstream systems like gcsfs before testing so the \u003ccode\u003e_version.py\u003c/code\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e9e7a5b5eab42b6c6d0790aa0aa510f66fc44630\"\u003e\u003ccode\u003ee9e7a5b\u003c/code\u003e\u003c/a\u003e Delegate DirFileSystem delete and write_text (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/105d614a443e3f46236deb87442cc5491741687c\"\u003e\u003ccode\u003e105d614\u003c/code\u003e\u003c/a\u003e fix: use encode_url() in _pipe_file for consistency (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2023\"\u003e#2023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fsspec/filesystem_spec/compare/2026.1.0...2026.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.13 (2026-04-22)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.12 (2026-04-21)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/89cdfd27338896cee6b1ee18e64c96ac28684ce0\"\u003e\u003ccode\u003e89cdfd2\u003c/code\u003e\u003c/a\u003e Release v3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1eb068687543118147417a8d8a70674e2c172891\"\u003e\u003ccode\u003e1eb0686\u003c/code\u003e\u003c/a\u003e Pre-release 3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5f20d1e41eea3b3873d18d83d7a384784f72a92e\"\u003e\u003ccode\u003e5f20d1e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/220\"\u003e#220\u003c/a\u003e from kjd/unicode-next\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/4ea84252ab21e62a79e5a3273746112b5dcfb810\"\u003e\u003ccode\u003e4ea8425\u003c/code\u003e\u003c/a\u003e Regenerate idnadata.py with correct NFKC_CF data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/fd47341a08bbdcffda33694211ca4de10170cd41\"\u003e\u003ccode\u003efd47341\u003c/code\u003e\u003c/a\u003e Use NFKC_CF from Unicode data files instead of Python's unicodedata module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a5304a4cdbd7b31595f8ac42ffdfa88f5b936467\"\u003e\u003ccode\u003ea5304a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/219\"\u003e#219\u003c/a\u003e from kjd/release-3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d80d6f9254d699961fa2c669a1534cde9d4ee5b6\"\u003e\u003ccode\u003ed80d6f9\u003c/code\u003e\u003c/a\u003e Release v3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1bb44ddb3f2a9dcf97a6ac11aba34e5b6ed31291\"\u003e\u003ccode\u003e1bb44dd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/218\"\u003e#218\u003c/a\u003e from kjd/release-candidate-3.12rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/909c49d15b8d159be163bccc7972116baffdb47b\"\u003e\u003ccode\u003e909c49d\u003c/code\u003e\u003c/a\u003e Release candidate for 3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c5459a10370f005dc09921aee3201b5a45699f9d\"\u003e\u003ccode\u003ec5459a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/217\"\u003e#217\u003c/a\u003e from kjd/housekeeping-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e solidus, \u003ccode\u003e\u0026gt;\u003c/code\u003e greater-than sign, or \u003ccode\u003e=\u003c/code\u003e equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is a fix release for the 3.1.x feature branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\"\u003eGHSA-h5c8-rqwp-cp95\u003c/a\u003e. You are affected if you are using \u003ccode\u003exmlattr\u003c/code\u003e and passing user input as attribute keys.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jiter` from 0.12.0 to 0.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/dcdc93df6b9c6eb53facb0fff725069d9528d735\"\u003e\u003ccode\u003edcdc93d\u003c/code\u003e\u003c/a\u003e Prepare release v0.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/974695165327d19c93eb7b6030050c6555125ff2\"\u003e\u003ccode\u003e9746951\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/7f311e91b35e9896a43d0f57e7a3ca905efb1a5b\"\u003e\u003ccode\u003e7f311e9\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/52d6f7df7d7eb94ec8cc3307d466e49ef98fdf60\"\u003e\u003ccode\u003e52d6f7d\u003c/code\u003e\u003c/a\u003e Update pyodide to 0.28 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/40c53b38ef8049e222f11ed345f2309ad3e5e249\"\u003e\u003ccode\u003e40c53b3\u003c/code\u003e\u003c/a\u003e remove hyperlint (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/891a4d4f127b6d720439755c20e7193ad83531f9\"\u003e\u003ccode\u003e891a4d4\u003c/code\u003e\u003c/a\u003e Update to edition 2024, MSRV 1.88 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/b14af5e412454275d6a303f4517faec74bfcc4c1\"\u003e\u003ccode\u003eb14af5e\u003c/code\u003e\u003c/a\u003e Avoid stack overflow in \u003ccode\u003ePyStringCache\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/1764e65598dc197402769a054160583c26da9ef8\"\u003e\u003ccode\u003e1764e65\u003c/code\u003e\u003c/a\u003e Introduce zizmor (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/29a5e6dd444c950d57ef347ff42f4015174e7d27\"\u003e\u003ccode\u003e29a5e6d\u003c/code\u003e\u003c/a\u003e Add yamlfmt (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/cb40f58b9d3baf89d3a68b1ee9ce4919a592025e\"\u003e\u003ccode\u003ecb40f58\u003c/code\u003e\u003c/a\u003e Modernize project setup using uv (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/240\"\u003e#240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/jiter/compare/v0.12.0...v0.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/wandile0157/smartdoc-ai-backend/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wandile0157%2Fsmartdoc-ai-backend/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"},{"uuid":"4290110444","node_id":"PR_kwDOQguR2c7TrcCW","number":4,"state":"closed","title":"build(deps): bump the python-minor-patch group across 1 directory with 43 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-27T04:42:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-19T06:23:45.000Z","updated_at":"2026-04-27T04:42:47.000Z","time_to_close":685140,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"python-minor-patch","update_count":43,"packages":[{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.1.4","new_version":"2026.2.25","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.3.2","repository_url":"https://github.com/pallets/click"},{"name":"cryptography","old_version":"46.0.4","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"fastapi","old_version":"0.128.0","new_version":"0.136.0","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fsspec","old_version":"2026.1.0","new_version":"2026.3.0","repository_url":"https://github.com/fsspec/filesystem_spec"},{"name":"jinja2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"jiter","old_version":"0.12.0","new_version":"0.14.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mmh3","old_version":"5.2.0","new_version":"5.2.1","repository_url":"https://github.com/hajimes/mmh3"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"openai","old_version":"2.16.0","new_version":"2.32.0","repository_url":"https://github.com/openai/openai-python"},{"name":"packaging","old_version":"26.0","new_version":"26.1","repository_url":"https://github.com/pypa/packaging"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"postgrest","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"psycopg-binary","old_version":"3.3.2","new_version":"3.3.3","repository_url":"https://github.com/psycopg/psycopg"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.2","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.12.0","new_version":"2.13.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.46.2","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"pyiceberg","old_version":"0.10.0","new_version":"0.11.1","repository_url":"https://github.com/apache/iceberg-python"},{"name":"pyjwt","old_version":"2.10.1","new_version":"2.12.1","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pypdfium2","old_version":"5.3.0","new_version":"5.7.0","repository_url":"https://github.com/pypdfium2-team/pypdfium2"},{"name":"pyroaring","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/Ezibenroc/PyRoaringBitMap"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"realtime","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"regex","old_version":"2026.1.15","new_version":"2026.4.4","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"reportlab","old_version":"4.4.9","new_version":"4.4.10"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"storage3","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-auth","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-functions","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"tenacity","old_version":"9.1.2","new_version":"9.1.4","repository_url":"https://github.com/jd/tenacity"},{"name":"textblob","old_version":"0.19.0","new_version":"0.20.0","repository_url":"https://github.com/sloria/TextBlob"},{"name":"tqdm","old_version":"4.67.1","new_version":"4.67.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"uvicorn","old_version":"0.40.0","new_version":"0.44.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"yarl","old_version":"1.22.0","new_version":"1.23.0","repository_url":"https://github.com/aio-libs/yarl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 43 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.2.25` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.2` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.4` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.136.0` |\n| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.1.0` | `2026.3.0` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` |\n| [jiter](https://github.com/pydantic/jiter) | `0.12.0` | `0.14.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.1.0` |\n| [mmh3](https://github.com/hajimes/mmh3) | `5.2.0` | `5.2.1` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [openai](https://github.com/openai/openai-python) | `2.16.0` | `2.32.0` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.1` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [postgrest](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [psycopg-binary](https://github.com/psycopg/psycopg) | `3.3.2` | `3.3.3` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.2` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.13.1` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.46.2` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [pyiceberg](https://github.com/apache/iceberg-python) | `0.10.0` | `0.11.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.12.1` |\n| [pypdfium2](https://github.com/pypdfium2-team/pypdfium2) | `5.3.0` | `5.7.0` |\n| [pyroaring](https://github.com/Ezibenroc/PyRoaringBitMap) | `1.0.3` | `1.0.4` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [realtime](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.1.15` | `2026.4.4` |\n| [reportlab](https://www.reportlab.com/) | `4.4.9` | `4.4.10` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [storage3](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [supabase](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [supabase-auth](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [supabase-functions](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |\n| [textblob](https://github.com/sloria/TextBlob) | `0.19.0` | `0.20.0` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.67.1` | `4.67.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.44.0` |\n| [yarl](https://github.com/aio-libs/yarl) | `1.22.0` | `1.23.0` |\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.1.4 to 2026.2.25\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/8571a4ba5205675107f9026d0008ad2d7a2778bf\"\u003e\u003ccode\u003e8571a4b\u003c/code\u003e\u003c/a\u003e 2026.02.25 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/6f7de00579d292af565bbb8a947643219794eb6d\"\u003e\u003ccode\u003e6f7de00\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/a1de59b15105cad768afed4f066b36171134f04a\"\u003e\u003ccode\u003ea1de59b\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/7f5ade5d8da615fd366e8de6a668271251c45d34\"\u003e\u003ccode\u003e7f5ade5\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 6.1.0 to 6.2.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/392\"\u003e#392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.01.04...2026.02.25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `charset-normalizer` from 3.4.4 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/releases\"\u003echarset-normalizer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.4.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\u003cbr /\u003e\nmypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/714\"\u003ejawah/charset_normalizer#714\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md\"\u003echarset-normalizer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/0f07891bf516b5d5231f1bd4dd2d8da7d4d09a9a\"\u003e\u003ccode\u003e0f07891\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/729\"\u003e#729\u003c/a\u003e from jawah/release-3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/fdbeb299479e8f4d737e4d227cd0b2bd5d273dc0\"\u003e\u003ccode\u003efdbeb29\u003c/code\u003e\u003c/a\u003e chore: update dev, and ci requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b66f922bfbdbdd9dd46af18a8964d4fb888756d4\"\u003e\u003ccode\u003eb66f922\u003c/code\u003e\u003c/a\u003e chore: add ft classifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/f94249d0a2c712f2d03124f4de6b77f5e03aaa96\"\u003e\u003ccode\u003ef94249d\u003c/code\u003e\u003c/a\u003e chore: add test cases for utf_7 recent fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/95c866f6c984bbd043e7e3ed0628aa4f3f8d5a26\"\u003e\u003ccode\u003e95c866f\u003c/code\u003e\u003c/a\u003e chore: bump version to 3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/4f429bb764c7e893f99bb4bceb60856da1baacfb\"\u003e\u003ccode\u003e4f429bb\u003c/code\u003e\u003c/a\u003e chore: bump mypy pre-commit to v1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b579cd6cab9bd83aa3fc0ca169d4df022bf4888c\"\u003e\u003ccode\u003eb579cd6\u003c/code\u003e\u003c/a\u003e fix: correctly remove SIG remnant in utf-7 decoded string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/58bf944a77cc0883fc46a6ee8edac3549fea5d59\"\u003e\u003ccode\u003e58bf944\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump github/codeql-action from 4.32.4 to 4.35.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/44cf8a1b676a2532a8f1694e62e4f4f98f9132e1\"\u003e\u003ccode\u003e44cf8a1\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/362bc20073f737b1ba4ca2f68cffb0c4cc024d20\"\u003e\u003ccode\u003e362bc20\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3084\"\u003e#3084\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3152\"\u003e#3152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3136\"\u003e#3136\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3199\"\u003e#3199\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3202\"\u003e#3202\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3209\"\u003e#3209\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3212\"\u003e#3212\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2991\"\u003e#2991\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2993\"\u003e#2993\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3110\"\u003e#3110\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3140\"\u003e#3140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3121\"\u003e#3121\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3201\"\u003e#3201\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3213\"\u003e#3213\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n:issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e2991\u003c/code\u003e :issue:\u003ccode\u003e2993\u003c/code\u003e :issue:\u003ccode\u003e3110\u003c/code\u003e :pr:\u003ccode\u003e3139\u003c/code\u003e :pr:\u003ccode\u003e3140\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. :pr:\u003ccode\u003e3139\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. :issue:\u003ccode\u003e3121\u003c/code\u003e :pr:\u003ccode\u003e3201\u003c/code\u003e :pr:\u003ccode\u003e3213\u003c/code\u003e :pr:\u003ccode\u003e3225\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/052c006033729bbb422cbdad0c4fee988ecb5aa5\"\u003e\u003ccode\u003e052c006\u003c/code\u003e\u003c/a\u003e Change update release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/502b7ce7b131473ef00a3586e60bb000f33b4c43\"\u003e\u003ccode\u003e502b7ce\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' of \u003ca href=\"https://github.com/pallets/click\"\u003ehttps://github.com/pallets/click\u003c/a\u003e into release-8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a0a37e411820861d48e21b131fdd840abaf746e0\"\u003e\u003ccode\u003ea0a37e4\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3301\"\u003e#3301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/57be6fc2b40eb40279d022e6aabc983ee0dfb7a9\"\u003e\u003ccode\u003e57be6fc\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/781d6a88bdd30229e72a84cd6753b0235f339679\"\u003e\u003ccode\u003e781d6a8\u003c/code\u003e\u003c/a\u003e Update publish workflows (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ff795b66ba945239c779b528171f5fe4536cf844\"\u003e\u003ccode\u003eff795b6\u003c/code\u003e\u003c/a\u003e Update precommit pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dd87ef4f9fa7d6f13e14885e9a6842a21ededebc\"\u003e\u003ccode\u003edd87ef4\u003c/code\u003e\u003c/a\u003e Update github action pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/93d3f9d22e90035bc2b51c2183c15bd4a021376f\"\u003e\u003ccode\u003e93d3f9d\u003c/code\u003e\u003c/a\u003e Release version 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3299ba1a8a5de34b24a7226a683a837d8a0857e7\"\u003e\u003ccode\u003e3299ba1\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b7f62c4d002e5b5bca3ebef6b995b7338740fe6f\"\u003e\u003ccode\u003eb7f62c4\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.4 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.4...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.128.0 to 0.136.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.0\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Support free-threaded Python 3.14t. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15149\"\u003e#15149\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.4\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15363\"\u003e#15363\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.5 to 46.0.7. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15314\"\u003e#15314\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15309\"\u003e#15309\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add pre-commit hook to ensure latest release header has date. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15293\"\u003e#15293\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15280\"\u003e#15280\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eNew docs: \u003ca href=\"https://fastapi.tiangolo.com/advanced/vibe/\"\u003eVibe Coding\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✏️ Fix typo for \u003ccode\u003eclient_secret\u003c/code\u003e in OAuth2 form docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14946\"\u003e#14946\u003c/a\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👥 Update FastAPI People - Experts. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15279\"\u003e#15279\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump orjson from 3.11.7 to 3.11.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15276\"\u003e#15276\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.0 to 0.15.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15277\"\u003e#15277\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI GitHub topic repositories. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15274\"\u003e#15274\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15267\"\u003e#15267\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI People - Contributors and Translators. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15270\"\u003e#15270\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump requests from 2.32.5 to 2.33.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15228\"\u003e#15228\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Add ty check to \u003ccode\u003elint.sh\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15136\"\u003e#15136\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.2\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Increase lower bound to \u003ccode\u003epydantic \u0026gt;=2.9.0.\u003c/code\u003e and fix the test suite. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15139\"\u003e#15139\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add missing last release notes dates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15202\"\u003e#15202\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs for contributors and team members regarding translation PRs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15200\"\u003e#15200\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15094\"\u003e#15094\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix duplicated words in docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15116\"\u003e#15116\u003c/a\u003e by \u003ca href=\"https://github.com/AhsanSheraz\"\u003e\u003ccode\u003e@​AhsanSheraz\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs for \u003ccode\u003epyproject.toml\u003c/code\u003e with \u003ccode\u003eentrypoint\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15075\"\u003e#15075\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update links in docs to no longer use the classes external-link and internal-link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15061\"\u003e#15061\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/708606c982cf35718cb2214c0bb9261cf548f042\"\u003e\u003ccode\u003e708606c\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/13be6a3a0f12d3f36c286196ef555dd51dc09edb\"\u003e\u003ccode\u003e13be6a3\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4b264878d71b2dc0e9e0f90ef15459d4302a7f9c\"\u003e\u003ccode\u003e4b26487\u003c/code\u003e\u003c/a\u003e ⬆️ Support free-threaded Python 3.14t (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15149\"\u003e#15149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/f796c346a8537876de43729ff1ca1409d4648893\"\u003e\u003ccode\u003ef796c34\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.135.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/09d1d1cb7073b3c7bd1f58fcf6faefa9b2c29de4\"\u003e\u003ccode\u003e09d1d1c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae4e45c5cc20a1e1503fbcab2369821d188feb09\"\u003e\u003ccode\u003eae4e45c\u003c/code\u003e\u003c/a\u003e 🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15363\"\u003e#15363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9653034b8d459607a4b7f761e6c23a6f287fa5fa\"\u003e\u003ccode\u003e9653034\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6f9a102faf071dbfa812a3af88d7d309d2ded4a6\"\u003e\u003ccode\u003e6f9a102\u003c/code\u003e\u003c/a\u003e ⬆ Bump cryptography from 46.0.5 to 46.0.7 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15314\"\u003e#15314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/eba8942c81dbf990d25fbae34e6601bdbc21e74b\"\u003e\u003ccode\u003eeba8942\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/77d080caf850b8af5c0f467389edf03c057c7697\"\u003e\u003ccode\u003e77d080c\u003c/code\u003e\u003c/a\u003e ⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15309\"\u003e#15309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.128.0...0.136.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fsspec` from 2026.1.0 to 2026.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/49e6189b2cd8ee95b9357bff6a5671ea3b32c2ca\"\u003e\u003ccode\u003e49e6189\u003c/code\u003e\u003c/a\u003e changelog (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2005\"\u003e#2005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e73753a3c9086398a54942d26f7bc4a7232ac336\"\u003e\u003ccode\u003ee73753a\u003c/code\u003e\u003c/a\u003e Remove the deprecated 'pyxet' from the list of libraries (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2001\"\u003e#2001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/4bd065327f496fac714c9891111bc67c8d8cceae\"\u003e\u003ccode\u003e4bd0653\u003c/code\u003e\u003c/a\u003e conf should attempt types (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/463a1f08b52e2637728a28e1371577e8ea21496d\"\u003e\u003ccode\u003e463a1f0\u003c/code\u003e\u003c/a\u003e fix: allow withdirs parameter in glob for AbstractFileSystem (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1998\"\u003e#1998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/19e3cfe92b1bad9f759b4a399c3fbbb518e92455\"\u003e\u003ccode\u003e19e3cfe\u003c/code\u003e\u003c/a\u003e Fix typos (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2003\"\u003e#2003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/90bcbba391bddef400dde62e03c2eea9a2bdbd3d\"\u003e\u003ccode\u003e90bcbba\u003c/code\u003e\u003c/a\u003e fix typo in async docs: 'is' -\u0026gt; 'if' (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1992\"\u003e#1992\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/846c9aa2e1eefe976f4c61bd954e7683ae9e7bb2\"\u003e\u003ccode\u003e846c9aa\u003c/code\u003e\u003c/a\u003e Apply \u003ccode\u003elru_cache\u003c/code\u003e manually per \u003ccode\u003eLazyReferenceMapper\u003c/code\u003e instance (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1985\"\u003e#1985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/fa850c13440b9a649b41afce8f0f4ecca73f9d73\"\u003e\u003ccode\u003efa850c1\u003c/code\u003e\u003c/a\u003e fix putting multiple files using SFTP (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1991\"\u003e#1991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e6668a146cd07b9f50530c49ea3916d8ab13e169\"\u003e\u003ccode\u003ee6668a1\u003c/code\u003e\u003c/a\u003e changelog (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1989\"\u003e#1989\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/b6bd0752c1f133fb5005b4b21c065bde76f2c52b\"\u003e\u003ccode\u003eb6bd075\u003c/code\u003e\u003c/a\u003e fix parquet tests (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1988\"\u003e#1988\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fsspec/filesystem_spec/compare/2026.1.0...2026.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e solidus, \u003ccode\u003e\u0026gt;\u003c/code\u003e greater-than sign, or \u003ccode\u003e=\u003c/code\u003e equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is a fix release for the 3.1.x feature branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\"\u003eGHSA-h5c8-rqwp-cp95\u003c/a\u003e. You are affected if you are using \u003ccode\u003exmlattr\u003c/code\u003e and passing user input as attribute keys.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jiter` from 0.12.0 to 0.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/dcdc93df6b9c6eb53facb0fff725069d9528d735\"\u003e\u003ccode\u003edcdc93d\u003c/code\u003e\u003c/a\u003e Prepare release v0.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/974695165327d19c93eb7b6030050c6555125ff2\"\u003e\u003ccode\u003e9746951\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/7f311e91b35e9896a43d0f57e7a3ca905efb1a5b\"\u003e\u003ccode\u003e7f311e9\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/52d6f7df7d7eb94ec8cc3307d466e49ef98fdf60\"\u003e\u003ccode\u003e52d6f7d\u003c/code\u003e\u003c/a\u003e Update pyodide to 0.28 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/40c53b38ef8049e222f11ed345f2309ad3e5e249\"\u003e\u003ccode\u003e40c53b3\u003c/code\u003e\u003c/a\u003e remove hyperlint (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/891a4d4f127b6d720439755c20e7193ad83531f9\"\u003e\u003ccode\u003e891a4d4\u003c/code\u003e\u003c/a\u003e Update to edition 2024, MSRV 1.88 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/b14af5e412454275d6a303f4517faec74bfcc4c1\"\u003e\u003ccode\u003eb14af5e\u003c/code\u003e\u003c/a\u003e Avoid stack overflow in \u003ccode\u003ePyStringCache\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/1764e65598dc197402769a054160583c26da9ef8\"\u003e\u003ccode\u003e1764e65\u003c/code\u003e\u003c/a\u003e Introduce zizmor (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/29a5e6dd444c950d57ef347ff42f4015174e7d27\"\u003e\u003ccode\u003e29a5e6d\u003c/code\u003e\u003c/a\u003e Add yamlfmt (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/cb40f58b9d3baf89d3a68b1ee9ce4919a592025e\"\u003e\u003ccode\u003ecb40f58\u003c/code\u003e\u003c/a\u003e Modernize project setup using uv (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/240\"\u003e#240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/jiter/compare/v0.12.0...v0.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.2...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mmh3` from 5.2.0 to 5.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hajimes/mmh3/releases\"\u003emmh3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for the Android wheel for Python 3.14.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9, as it has reached the end of life on 2025-10-31.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hajimes/mmh3/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/hajimes/mmh3/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hajimes/mmh3/blob/master/CHANGELOG.md\"\u003emmh3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[5.2.1] - 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for the Android wheel for Python 3.14.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9, as it has reached the end of life on 2025-10-31.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/a4c44d81a8dc433ac50977425d7a5cf27cea9f0c\"\u003e\u003ccode\u003ea4c44d8\u003c/code\u003e\u003c/a\u003e chore(release): bump version to 5.2.1 (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/c83701d471d557594ab7f8003c13a476057fa7b1\"\u003e\u003ccode\u003ec83701d\u003c/code\u003e\u003c/a\u003e ci: update workflow files (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/168\"\u003e#168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/d4311b2d97b0f965aec857d94fa19aa0cd70ef8a\"\u003e\u003ccode\u003ed4311b2\u003c/code\u003e\u003c/a\u003e style: migrate to Ruff (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/25f98341e1ed5b5de9f1c7c28d67265501506281\"\u003e\u003ccode\u003e25f9834\u003c/code\u003e\u003c/a\u003e ci: fix dev ver for TestPyPI (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/c4079917eadce86025724913e0cb620948e1199f\"\u003e\u003ccode\u003ec407991\u003c/code\u003e\u003c/a\u003e ci: fix dev ver for TestPyPI (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/ee3a78a1fe3f82c7e2018f290d6ab262603d24dd\"\u003e\u003ccode\u003eee3a78a\u003c/code\u003e\u003c/a\u003e ci: update wheel configs (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/60957d75f0c30cf25d1f5354f5a5ac0febd952e3\"\u003e\u003ccode\u003e60957d7\u003c/code\u003e\u003c/a\u003e fix: modify sed commands for cross-platform builds (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/da3bb5f0aa7a004b2ae3a5d0eb3d06c05f370130\"\u003e\u003ccode\u003eda3bb5f\u003c/code\u003e\u003c/a\u003e Switch back to workflow_dispatch for TestPyPI (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/bdaedf92e861df6eab2e3b229ce92fc688fa8f79\"\u003e\u003ccode\u003ebdaedf9\u003c/code\u003e\u003c/a\u003e Bump pyperf in the dependencies group across 1 directory (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/3342d17e5315fb9935f9348824c5b7acbc0b4808\"\u003e\u003ccode\u003e3342d17\u003c/code\u003e\u003c/a\u003e Bump dependencies (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hajimes/mmh3/compare/v5.2.0...v5.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.2 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS po...\n\n_Description has been truncated_","html_url":"https://github.com/wandile0157/smartdoc-ai-backend/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wandile0157%2Fsmartdoc-ai-backend/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4258584877","node_id":"PR_kwDONUO8uM7SJr53","number":118,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-13T23:57:47.000Z","updated_at":"2026-04-13T23:59:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":11,"packages":[{"name":"nltk","old_version":"3.9.1","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.9","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.2","repository_url":"https://github.com/qlustered/deepdiff"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pytest","old_version":"8.3.3","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"uv","old_version":"0.4.25","new_version":"0.11.6","repository_url":"https://github.com/astral-sh/uv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.9` |\n| [deepdiff](https://github.com/qlustered/deepdiff) | `8.0.1` | `8.6.2` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.3` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5.5` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n| [uv](https://github.com/astral-sh/uv) | `0.4.25` | `0.11.6` |\n\n\nUpdates `nltk` from 3.9.1 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5be3c518794b7322375bae2bf1871713d9b5c2fb\"\u003e\u003ccode\u003e5be3c51\u003c/code\u003e\u003c/a\u003e fix(jose): add ES256K into default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/48b345f29f6c459f11c6a40162b6c0b742ef2e22\"\u003e\u003ccode\u003e48b345f\u003c/code\u003e\u003c/a\u003e fix(jose): remove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681\"\u003e\u003ccode\u003ea5d4b2d\u003c/code\u003e\u003c/a\u003e fix(jose): do not use header's jwk automatically\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a769f343ae8d43236448e3e74445980861812e82\"\u003e\u003ccode\u003ea769f34\u003c/code\u003e\u003c/a\u003e chore: release 1.6.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/84f3fa2965a189c16528329e8cfe41d094008588\"\u003e\u003ccode\u003e84f3fa2\u003c/code\u003e\u003c/a\u003e fix: add EdDSA to default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e\"\u003e\u003ccode\u003e38e872a\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7\"\u003e\u003ccode\u003eb87c32e\u003c/code\u003e\u003c/a\u003e fix: remove \u0026quot;none\u0026quot; algorithm from default jwt instance\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qlustered/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e8.6.2 - Fix (CVE-2025-58367)\u003c/p\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/0d07ec21d12b46ef4e489383b363eadc22d990fb\"\u003e\u003ccode\u003e0d07ec2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/791f5aac51b2da7f90375ab204256ef6a6b40206\"\u003e\u003ccode\u003e791f5aa\u003c/code\u003e\u003c/a\u003e updating CVE number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a6aafea3ba5498aab6f9c77047c54949e7e968ae\"\u003e\u003ccode\u003ea6aafea\u003c/code\u003e\u003c/a\u003e updating docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a0950abbe6263298bc4bdbc3ebb57edc1af079b4\"\u003e\u003ccode\u003ea0950ab\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.1 → 8.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/887128abe5e510341cc4a82f6914a82d5ff1b6a7\"\u003e\u003ccode\u003e887128a\u003c/code\u003e\u003c/a\u003e Fix (CVE-2025-58367)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qlustered/deepdiff/compare/8.0.1...8.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.0 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eecdsa 0.19.1\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implicit\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/li\u003e\n\u003cli\u003eOfficially support Python 3.12 and 3.13 (add them to CI)\u003c/li\u003e\n\u003cli\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/li\u003e\n\u003cli\u003eFix typos in warning messages\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/2a6593d840ad153a16ebdd4f9b772b290494f3e3\"\u003e\u003ccode\u003e2a6593d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/359\"\u003e#359\u003c/a\u003e from tlsfuzzer/release-0.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/658ddc81bbd20e0197a59c9c0fa7dcc5b17d7d06\"\u003e\u003ccode\u003e658ddc8\u003c/code\u003e\u003c/a\u003e add release notes for 0.19.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/3c5df06ae85ea0b35557fe5f8874eec4f2b39db0\"\u003e\u003ccode\u003e3c5df06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/358\"\u003e#358\u003c/a\u003e from tlsfuzzer/high-s-values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/b6d43c60e309bccd681eb1baab502f817ff226b6\"\u003e\u003ccode\u003eb6d43c6\u003c/code\u003e\u003c/a\u003e use integer division for canonicalization of signatures\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/aa81ba3b7339f30362098580c754576bc15edba1\"\u003e\u003ccode\u003eaa81ba3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/357\"\u003e#357\u003c/a\u003e from tlsfuzzer/new-badge\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.0...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.3 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.3...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tornado` from 6.4.1 to 6.5.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst\"\u003etornado's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease notes\u003c/h1\u003e\n\u003cp\u003e.. toctree::\n:maxdepth: 2\u003c/p\u003e\n\u003cp\u003ereleases/v6.5.5\nreleases/v6.5.4\nreleases/v6.5.3\nreleases/v6.5.2\nreleases/v6.5.1\nreleases/v6.5.0\nreleases/v6.4.2\nreleases/v6.4.1\nreleases/v6.4.0\nreleases/v6.3.3\nreleases/v6.3.2\nreleases/v6.3.1\nreleases/v6.3.0\nreleases/v6.2.0\nreleases/v6.1.0\nreleases/v6.0.4\nreleases/v6.0.3\nreleases/v6.0.2\nreleases/v6.0.1\nreleases/v6.0.0\nreleases/v5.1.1\nreleases/v5.1.0\nreleases/v5.0.2\nreleases/v5.0.1\nreleases/v5.0.0\nreleases/v4.5.3\nreleases/v4.5.2\nreleases/v4.5.1\nreleases/v4.5.0\nreleases/v4.4.3\nreleases/v4.4.2\nreleases/v4.4.1\nreleases/v4.4.0\nreleases/v4.3.0\nreleases/v4.2.1\nreleases/v4.2.0\nreleases/v4.1.0\nreleases/v4.0.2\nreleases/v4.0.1\nreleases/v4.0.0\nreleases/v3.2.2\nreleases/v3.2.1\nreleases/v3.2.0\nreleases/v3.1.1\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/7d6465056ceb7a054b3f64cf1c18271753b10482\"\u003e\u003ccode\u003e7d64650\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3586\"\u003e#3586\u003c/a\u003e from bdarnell/update-cibw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/d05d59b8080a0d5d6a260994c7aad7049209d345\"\u003e\u003ccode\u003ed05d59b\u003c/code\u003e\u003c/a\u003e build: Bump cibuildwheel to 3.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/c2f46732b0ad14bf0db4219c96a945f4b60205f5\"\u003e\u003ccode\u003ec2f4673\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3585\"\u003e#3585\u003c/a\u003e from bdarnell/release-655\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/e5f1aa4b6fa2c16b29024830227838fcb0c79b6f\"\u003e\u003ccode\u003ee5f1aa4\u003c/code\u003e\u003c/a\u003e Release notes and version bump for v6.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/78a046f99f89977dfc8ff5a1fe16d298afbeeaca\"\u003e\u003ccode\u003e78a046f\u003c/code\u003e\u003c/a\u003e httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104\"\u003e\u003ccode\u003e24a2d96\u003c/code\u003e\u003c/a\u003e web: Validate characters in all cookie attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839\"\u003e\u003ccode\u003e119a195\u003c/code\u003e\u003c/a\u003e httputil: Add limits on multipart form data parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/63d4df4eefa6750bb14efa1ebffe67b8c54fbad4\"\u003e\u003ccode\u003e63d4df4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3564\"\u003e#3564\u003c/a\u003e from bdarnell/release-654\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/eadbf9adbe9db19e2686a32f48ddf9a25518c4f6\"\u003e\u003ccode\u003eeadbf9a\u003c/code\u003e\u003c/a\u003e Release notes and version bump for 6.5.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/bbc2b1429c6db80765a8a95c09ddddc7bb40e4e8\"\u003e\u003ccode\u003ebbc2b14\u003c/code\u003e\u003c/a\u003e Make sure that the in-operator on HTTPHeaders is case insensitive\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tornadoweb/tornado/compare/v6.4.1...v6.5.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ujson` from 5.10.0 to 5.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ultrajson/ultrajson/releases\"\u003eujson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.12.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate license field (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/693\"\u003e#693\u003c/a\u003e) \u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild wheels for GraalPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/685\"\u003e#685\u003c/a\u003e) \u003ca href=\"https://github.com/timfel\"\u003e\u003ccode\u003e@​timfel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/686\"\u003e#686\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix memory leak parsing large integers (\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\"\u003ehttps://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix buffer overflow/infinite loop from indent handling (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/709\"\u003e#709\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove upper bound of setuptools for PyPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/704\"\u003e#704\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.11.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInline type stubs (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/674\"\u003e#674\u003c/a\u003e) \u003ca href=\"https://github.com/MarcoGorelli\"\u003e\u003ccode\u003e@​MarcoGorelli\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/680\"\u003e#680\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for PyPy3.11 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/658\"\u003e#658\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows ARM64 wheels (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/663\"\u003e#663\u003c/a\u003e) \u003ca href=\"https://github.com/tonybaloney\"\u003e\u003ccode\u003e@​tonybaloney\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate to \u003ccode\u003esrc/\u003c/code\u003e layout (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/664\"\u003e#664\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild aarch64 wheels using native runners (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/652\"\u003e#652\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL Python 3.8 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/645\"\u003e#645\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL PyPy3.8-PyPy3.10 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/639\"\u003e#639\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/682\"\u003e#682\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ujson.loads): raises a JSONDecodeError instead of SystemError when parsing a nested json string (\u003ca href=\"https://redirect.github....\n\n_Description has been truncated_","html_url":"https://github.com/patrik-fredon/langflow/pull/118","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/118","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/118/packages"},{"uuid":"4253452975","node_id":"PR_kwDORVT_787R8LeV","number":19,"state":"closed","title":"chore(deps)(deps): bump the python-minor-patch group across 1 directory with 41 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-20T10:36:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-13T10:08:25.000Z","updated_at":"2026-04-20T10:36:24.000Z","time_to_close":606477,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps): bump","group_name":"python-minor-patch","update_count":41,"packages":[{"name":"alembic","old_version":"1.12.1","new_version":"1.18.4","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"anthropic","old_version":"0.84.0","new_version":"0.94.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.1.4","new_version":"2026.2.25","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.3.2","repository_url":"https://github.com/pallets/click"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"fastapi","old_version":"0.129.2","new_version":"0.135.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"filelock","old_version":"3.24.2","new_version":"3.25.2","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"fsspec","old_version":"2026.2.0","new_version":"2026.3.0","repository_url":"https://github.com/fsspec/filesystem_spec"},{"name":"google-auth-httplib2","old_version":"0.3.0","new_version":"0.3.1","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"google-auth","old_version":"2.48.0","new_version":"2.49.2","repository_url":"https://github.com/googleapis/google-auth-library-python"},{"name":"greenlet","old_version":"3.3.2","new_version":"3.4.0","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"gunicorn","old_version":"25.1.0","new_version":"25.3.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"jiter","old_version":"0.13.0","new_version":"0.14.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"lxml","old_version":"6.0.2","new_version":"6.0.4","repository_url":"https://github.com/lxml/lxml"},{"name":"mem0ai","old_version":"1.0.5","new_version":"1.0.11","repository_url":"https://github.com/mem0ai/mem0"},{"name":"numpy","old_version":"2.4.2","new_version":"2.4.4","repository_url":"https://github.com/numpy/numpy"},{"name":"openai","old_version":"2.21.0","new_version":"2.31.0","repository_url":"https://github.com/openai/openai-python"},{"name":"prometheus-client","old_version":"0.19.0","new_version":"0.25.0","repository_url":"https://github.com/prometheus/client_python"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.46.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"pyjwt","old_version":"2.11.0","new_version":"2.12.1","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-jose","old_version":"3.3.0","new_version":"3.5.0","repository_url":"https://github.com/mpdavis/python-jose"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"regex","old_version":"2026.2.19","new_version":"2026.4.4","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"sentry-sdk","old_version":"2.54.0","new_version":"2.57.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"sqlalchemy","old_version":"2.0.48","new_version":"2.0.49","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"sse-starlette","old_version":"3.2.0","new_version":"3.3.4","repository_url":"https://github.com/sysid/sse-starlette"},{"name":"svix","old_version":"1.86.0","new_version":"1.90.0","repository_url":"https://github.com/svix/svix-webhooks"},{"name":"typer","old_version":"0.24.0","new_version":"0.24.1","repository_url":"https://github.com/fastapi/typer"},{"name":"uvicorn","old_version":"0.41.0","new_version":"0.44.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"wrapt","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/GrahamDumpleton/wrapt"},{"name":"bandit","old_version":"1.8.3","new_version":"1.9.4","repository_url":"https://github.com/PyCQA/bandit"},{"name":"pip-audit","old_version":"2.9.0","new_version":"2.10.0","repository_url":"https://github.com/pypa/pip-audit"},{"name":"pre-commit","old_version":"4.1.0","new_version":"4.5.1","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"ruff","old_version":"0.9.9","new_version":"0.15.10","repository_url":"https://github.com/astral-sh/ruff"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 41 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [alembic](https://github.com/sqlalchemy/alembic) | `1.12.1` | `1.18.4` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.84.0` | `0.94.0` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.2.25` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.2` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.129.2` | `0.135.3` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.24.2` | `3.25.2` |\n| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.2.0` | `2026.3.0` |\n| [google-auth-httplib2](https://github.com/googleapis/google-cloud-python) | `0.3.0` | `0.3.1` |\n| [google-auth](https://github.com/googleapis/google-auth-library-python) | `2.48.0` | `2.49.2` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.4.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.1.0` | `25.3.0` |\n| [jiter](https://github.com/pydantic/jiter) | `0.13.0` | `0.14.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.0.4` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `1.0.5` | `1.0.11` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.2` | `2.4.4` |\n| [openai](https://github.com/openai/openai-python) | `2.21.0` | `2.31.0` |\n| [prometheus-client](https://github.com/prometheus/client_python) | `0.19.0` | `0.25.0` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.46.0` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.11.0` | `2.12.1` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.5.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.2.19` | `2026.4.4` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.54.0` | `2.57.0` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.48` | `2.0.49` |\n| [sse-starlette](https://github.com/sysid/sse-starlette) | `3.2.0` | `3.3.4` |\n| [svix](https://github.com/svix/svix-webhooks) | `1.86.0` | `1.90.0` |\n| [typer](https://github.com/fastapi/typer) | `0.24.0` | `0.24.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.44.0` |\n| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `2.1.1` | `2.1.2` |\n| [bandit](https://github.com/PyCQA/bandit) | `1.8.3` | `1.9.4` |\n| [pip-audit](https://github.com/pypa/pip-audit) | `2.9.0` | `2.10.0` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.1.0` | `4.5.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.9.9` | `0.15.10` |\n\n\nUpdates `alembic` from 1.12.1 to 1.18.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.4\u003c/h1\u003e\n\u003cp\u003eReleased: February 10, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [operations]\u003c/strong\u003e Reverted the behavior of \u003ccode\u003eOperations.add_column()\u003c/code\u003e that would\nautomatically render the \u0026quot;PRIMARY KEY\u0026quot; keyword inline when a\n\u003ccode\u003eColumn\u003c/code\u003e with \u003ccode\u003eprimary_key=True\u003c/code\u003e is added. The automatic\nbehavior, added in version 1.18.2, is now opt-in via the new\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter. This\nchange restores the ability to render a PostgreSQL SERIAL column, which is\nrequired to be \u003ccode\u003eprimary_key=True\u003c/code\u003e, while not impacting the ability to\nrender a separate primary key constraint. This also provides consistency\nwith the \u003ccode\u003eOperations.add_column.inline_references\u003c/code\u003e parameter and\ngives users explicit control over SQL generation.\u003c/p\u003e\n\u003cp\u003eTo render PRIMARY KEY inline, use the\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter set to\n\u003ccode\u003eTrue\u003c/code\u003e:\u003c/p\u003e\n\u003cp\u003eop.add_column(\n\u0026quot;my_table\u0026quot;,\nColumn(\u0026quot;id\u0026quot;, Integer, primary_key=True),\ninline_primary_key=True\n)References: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1232\"\u003e#1232\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.18.3\u003c/h1\u003e\n\u003cp\u003eReleased: January 29, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [autogenerate]\u003c/strong\u003e Fixed regression in version 1.18.0 due to \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e where autogenerate\nwould raise \u003ccode\u003eNoReferencedTableError\u003c/code\u003e when a foreign key constraint\nreferenced a table that was not part of the initial table load, including\ntables filtered out by the\n\u003ccode\u003eEnvironmentContext.configure.include_name\u003c/code\u003e callable or tables\nin remote schemas that were not included in the initial reflection run.\u003c/p\u003e\n\u003cp\u003eThe change in \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e was a performance optimization that eliminated\nadditional reflection queries for tables that were only referenced by\nforeign keys but not explicitly included in the main reflection run.\nHowever, this optimization inadvertently removed the creation of\n\u003ccode\u003eTable\u003c/code\u003e objects for these referenced tables, causing autogenerate\nto fail when processing foreign key constraints that pointed to them.\u003c/p\u003e\n\u003cp\u003eThe fix creates placeholder \u003ccode\u003eTable\u003c/code\u003e objects for foreign key targets\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.84.0 to 0.94.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.94.0\u003c/h2\u003e\n\u003ch2\u003e0.94.0 (2026-04-10)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.93.0...v0.94.0\"\u003ev0.93.0...v0.94.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003evertex eu region (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1658\"\u003e#1658\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/b7e157d85f50b2900ddf896e8e80882dd7311bfd\"\u003eb7e157d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure file data are only sent as 1 parameter (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/837b25bb6262186a5bae92aa70eb73c3cf8c90af\"\u003e837b25b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove examples (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/48089fdb788500d00718b9d4ae24cd34e5e91beb\"\u003e48089fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate examples (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0f3c28b973026d135f91f38c4ad82ae2b1131522\"\u003e0f3c28b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.93.0\u003c/h2\u003e\n\u003ch2\u003e0.93.0 (2026-04-09)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.92.0...v0.93.0\"\u003ev0.92.0...v0.93.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add beta advisor tool (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4297dca285441b185ea9e3d18b7f912102b54be2\"\u003e4297dca\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.92.0\u003c/h2\u003e\n\u003ch2\u003e0.92.0 (2026-04-08)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.91.0...v0.92.0\"\u003ev0.91.0...v0.92.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add support for Claude Managed Agents (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5b879a7d929bd93332d777bed067be680819dfac\"\u003e5b879a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.91.0\u003c/h2\u003e\n\u003ch2\u003e0.91.0 (2026-04-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.90.0...v0.91.0\"\u003ev0.90.0...v0.91.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e Create Bedrock Mantle client (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1616\"\u003e#1616\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fd195a2fa2cd44ebf4513e69f671def88d2b6ec9\"\u003efd195a2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.90.0\u003c/h2\u003e\n\u003ch2\u003e0.90.0 (2026-04-07)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.94.0 (2026-04-10)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.93.0...v0.94.0\"\u003ev0.93.0...v0.94.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003evertex eu region (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1658\"\u003e#1658\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/b7e157d85f50b2900ddf896e8e80882dd7311bfd\"\u003eb7e157d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure file data are only sent as 1 parameter (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/837b25bb6262186a5bae92aa70eb73c3cf8c90af\"\u003e837b25b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove examples (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/48089fdb788500d00718b9d4ae24cd34e5e91beb\"\u003e48089fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate examples (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0f3c28b973026d135f91f38c4ad82ae2b1131522\"\u003e0f3c28b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.93.0 (2026-04-09)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.92.0...v0.93.0\"\u003ev0.92.0...v0.93.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add beta advisor tool (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4297dca285441b185ea9e3d18b7f912102b54be2\"\u003e4297dca\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.92.0 (2026-04-08)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.91.0...v0.92.0\"\u003ev0.91.0...v0.92.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add support for Claude Managed Agents (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5b879a7d929bd93332d777bed067be680819dfac\"\u003e5b879a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.91.0 (2026-04-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.90.0...v0.91.0\"\u003ev0.90.0...v0.91.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e Create Bedrock Mantle client (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1616\"\u003e#1616\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fd195a2fa2cd44ebf4513e69f671def88d2b6ec9\"\u003efd195a2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.90.0 (2026-04-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.89.0...v0.90.0\"\u003ev0.89.0...v0.90.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add support for claude-mythos-preview (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fc7ddd8e0296a578f09c7fa2baf00e50d81cf980\"\u003efc7ddd8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b03b0fc0b103eaba7732fc5ae54fc86c963839a\"\u003e\u003ccode\u003e7b03b0f\u003c/code\u003e\u003c/a\u003e release: 0.94.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/42ee3dab539d6346505bae13745d34fe91c1946e\"\u003e\u003ccode\u003e42ee3da\u003c/code\u003e\u003c/a\u003e docs: update examples\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0c8a8c9ec660108666baf96acd4aab08d41027af\"\u003e\u003ccode\u003e0c8a8c9\u003c/code\u003e\u003c/a\u003e fix: ensure file data are only sent as 1 parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/9092064e862fe03afbca1740cbc21d20edcb4984\"\u003e\u003ccode\u003e9092064\u003c/code\u003e\u003c/a\u003e feat: vertex eu region (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1658\"\u003e#1658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/25b6c31ca04c107c9b31d61e13ad69a1598ff65f\"\u003e\u003ccode\u003e25b6c31\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/717f90bf95b0dd3e1fefb2df06c022f16a03ee96\"\u003e\u003ccode\u003e717f90b\u003c/code\u003e\u003c/a\u003e release: 0.93.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/c10155947d844c7545b533bb62748e4381d5d7c5\"\u003e\u003ccode\u003ec101559\u003c/code\u003e\u003c/a\u003e feat(api): Add beta advisor tool\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5a290a8defab65e68d240116cbefa85987253946\"\u003e\u003ccode\u003e5a290a8\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/c2cc6f9947fb89afd9c11cbc178631209dd2fba5\"\u003e\u003ccode\u003ec2cc6f9\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/90cd200895a7625481e6edc4696704e37b6d7dfd\"\u003e\u003ccode\u003e90cd200\u003c/code\u003e\u003c/a\u003e release: 0.92.0 (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1348\"\u003e#1348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.84.0...v0.94.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.1.4 to 2026.2.25\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/8571a4ba5205675107f9026d0008ad2d7a2778bf\"\u003e\u003ccode\u003e8571a4b\u003c/code\u003e\u003c/a\u003e 2026.02.25 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/6f7de00579d292af565bbb8a947643219794eb6d\"\u003e\u003ccode\u003e6f7de00\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/a1de59b15105cad768afed4f066b36171134f04a\"\u003e\u003ccode\u003ea1de59b\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/7f5ade5d8da615fd366e8de6a668271251c45d34\"\u003e\u003ccode\u003e7f5ade5\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 6.1.0 to 6.2.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/392\"\u003e#392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.01.04...2026.02.25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `charset-normalizer` from 3.4.4 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/releases\"\u003echarset-normalizer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.4.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\u003cbr /\u003e\nmypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/714\"\u003ejawah/charset_normalizer#714\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md\"\u003echarset-normalizer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/0f07891bf516b5d5231f1bd4dd2d8da7d4d09a9a\"\u003e\u003ccode\u003e0f07891\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/729\"\u003e#729\u003c/a\u003e from jawah/release-3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/fdbeb299479e8f4d737e4d227cd0b2bd5d273dc0\"\u003e\u003ccode\u003efdbeb29\u003c/code\u003e\u003c/a\u003e chore: update dev, and ci requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b66f922bfbdbdd9dd46af18a8964d4fb888756d4\"\u003e\u003ccode\u003eb66f922\u003c/code\u003e\u003c/a\u003e chore: add ft classifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/f94249d0a2c712f2d03124f4de6b77f5e03aaa96\"\u003e\u003ccode\u003ef94249d\u003c/code\u003e\u003c/a\u003e chore: add test cases for utf_7 recent fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/95c866f6c984bbd043e7e3ed0628aa4f3f8d5a26\"\u003e\u003ccode\u003e95c866f\u003c/code\u003e\u003c/a\u003e chore: bump version to 3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/4f429bb764c7e893f99bb4bceb60856da1baacfb\"\u003e\u003ccode\u003e4f429bb\u003c/code\u003e\u003c/a\u003e chore: bump mypy pre-commit to v1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b579cd6cab9bd83aa3fc0ca169d4df022bf4888c\"\u003e\u003ccode\u003eb579cd6\u003c/code\u003e\u003c/a\u003e fix: correctly remove SIG remnant in utf-7 decoded string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/58bf944a77cc0883fc46a6ee8edac3549fea5d59\"\u003e\u003ccode\u003e58bf944\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump github/codeql-action from 4.32.4 to 4.35.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/44cf8a1b676a2532a8f1694e62e4f4f98f9132e1\"\u003e\u003ccode\u003e44cf8a1\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/362bc20073f737b1ba4ca2f68cffb0c4cc024d20\"\u003e\u003ccode\u003e362bc20\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3084\"\u003e#3084\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3152\"\u003e#3152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3136\"\u003e#3136\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3199\"\u003e#3199\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3202\"\u003e#3202\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3209\"\u003e#3209\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3212\"\u003e#3212\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2991\"\u003e#2991\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2993\"\u003e#2993\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3110\"\u003e#3110\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3140\"\u003e#3140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3121\"\u003e#3121\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3201\"\u003e#3201\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3213\"\u003e#3213\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n:issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e2991\u003c/code\u003e :issue:\u003ccode\u003e2993\u003c/code\u003e :issue:\u003ccode\u003e3110\u003c/code\u003e :pr:\u003ccode\u003e3139\u003c/code\u003e :pr:\u003ccode\u003e3140\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. :pr:\u003ccode\u003e3139\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. :issue:\u003ccode\u003e3121\u003c/code\u003e :pr:\u003ccode\u003e3201\u003c/code\u003e :pr:\u003ccode\u003e3213\u003c/code\u003e :pr:\u003ccode\u003e3225\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/052c006033729bbb422cbdad0c4fee988ecb5aa5\"\u003e\u003ccode\u003e052c006\u003c/code\u003e\u003c/a\u003e Change update release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/502b7ce7b131473ef00a3586e60bb000f33b4c43\"\u003e\u003ccode\u003e502b7ce\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' of \u003ca href=\"https://github.com/pallets/click\"\u003ehttps://github.com/pallets/click\u003c/a\u003e into release-8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a0a37e411820861d48e21b131fdd840abaf746e0\"\u003e\u003ccode\u003ea0a37e4\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3301\"\u003e#3301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/57be6fc2b40eb40279d022e6aabc983ee0dfb7a9\"\u003e\u003ccode\u003e57be6fc\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/781d6a88bdd30229e72a84cd6753b0235f339679\"\u003e\u003ccode\u003e781d6a8\u003c/code\u003e\u003c/a\u003e Update publish workflows (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ff795b66ba945239c779b528171f5fe4536cf844\"\u003e\u003ccode\u003eff795b6\u003c/code\u003e\u003c/a\u003e Update precommit pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dd87ef4f9fa7d6f13e14885e9a6842a21ededebc\"\u003e\u003ccode\u003edd87ef4\u003c/code\u003e\u003c/a\u003e Update github action pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/93d3f9d22e90035bc2b51c2183c15bd4a021376f\"\u003e\u003ccode\u003e93d3f9d\u003c/code\u003e\u003c/a\u003e Release version 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3299ba1a8a5de34b24a7226a683a837d8a0857e7\"\u003e\u003ccode\u003e3299ba1\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b7f62c4d002e5b5bca3ebef6b995b7338740fe6f\"\u003e\u003ccode\u003eb7f62c4\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.129.2 to 0.135.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15280\"\u003e#15280\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eNew docs: \u003ca href=\"https://fastapi.tiangolo.com/advanced/vibe/\"\u003eVibe Coding\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✏️ Fix typo for \u003ccode\u003eclient_secret\u003c/code\u003e in OAuth2 form docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14946\"\u003e#14946\u003c/a\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👥 Update FastAPI People - Experts. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15279\"\u003e#15279\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump orjson from 3.11.7 to 3.11.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15276\"\u003e#15276\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.0 to 0.15.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15277\"\u003e#15277\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI GitHub topic repositories. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15274\"\u003e#15274\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15267\"\u003e#15267\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI People - Contributors and Translators. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15270\"\u003e#15270\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump requests from 2.32.5 to 2.33.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15228\"\u003e#15228\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Add ty check to \u003ccode\u003elint.sh\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15136\"\u003e#15136\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.2\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Increase lower bound to \u003ccode\u003epydantic \u0026gt;=2.9.0.\u003c/code\u003e and fix the test suite. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15139\"\u003e#15139\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add missing last release notes dates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15202\"\u003e#15202\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs for contributors and team members regarding translation PRs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15200\"\u003e#15200\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15094\"\u003e#15094\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix duplicated words in docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15116\"\u003e#15116\u003c/a\u003e by \u003ca href=\"https://github.com/AhsanSheraz\"\u003e\u003ccode\u003e@​AhsanSheraz\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs for \u003ccode\u003epyproject.toml\u003c/code\u003e with \u003ccode\u003eentrypoint\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15075\"\u003e#15075\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update links in docs to no longer use the classes external-link and internal-link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15061\"\u003e#15061\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add JS and CSS handling for automatic \u003ccode\u003etarget=_blank\u003c/code\u003e for links in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15063\"\u003e#15063\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Update styles for internal and external links in new tab. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15058\"\u003e#15058\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝  Add documentation for the FastAPI VS Code extension. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15008\"\u003e#15008\u003c/a\u003e by \u003ca href=\"https://github.com/savannahostrowski\"\u003e\u003ccode\u003e@​savannahostrowski\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix doctrings for \u003ccode\u003emax_digits\u003c/code\u003e and \u003ccode\u003edecimal_places\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14944\"\u003e#14944\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15001\"\u003e#15001\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15177\"\u003e#15177\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15178\"\u003e#15178\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15176\"\u003e#15176\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15175\"\u003e#15175\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15171\"\u003e#15171\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15170\"\u003e#15170\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15172\"\u003e#15172\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15168\"\u003e#15168\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/1f442c454f2f74c7419f83c203e6333955399528\"\u003e\u003ccode\u003e1f442c4\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.135.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/8f5d1577b471f389f6cdea878d40a1497fda7746\"\u003e\u003ccode\u003e8f5d157\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428452a710338334ae11043a48b06d52d9b3edba\"\u003e\u003ccode\u003e428452a\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/70580da818722cce68b7a88928d67bd0f64f42c5\"\u003e\u003ccode\u003e70580da\u003c/code\u003e\u003c/a\u003e ✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15280\"\u003e#15280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6ee87478d821171139264cd9cd17cbd2232934ce\"\u003e\u003ccode\u003e6ee8747\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3e72c09a2abfe9e1b55eede6a297cb1847126e49\"\u003e\u003ccode\u003e3e72c09\u003c/code\u003e\u003c/a\u003e 👥 Update FastAPI People - Experts (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15279\"\u003e#15279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/96df35f7a4337d612811483d8ade74f91cce2d61\"\u003e\u003ccode\u003e96df35f\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6c8112555bd86f21cfee8500140dca094ad26e20\"\u003e\u003ccode\u003e6c81125\u003c/code\u003e\u003c/a\u003e ⬆ Bump orjson from 3.11.7 to 3.11.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15276\"\u003e#15276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428f82c93616b52aee2fcee03484a855135c07e5\"\u003e\u003ccode\u003e428f82c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/5599c59b9e7112109f04b63a58034fb95833f514\"\u003e\u003ccode\u003e5599c59\u003c/code\u003e\u003c/a\u003e ⬆ Bump ruff from 0.15.0 to 0.15.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15277\"\u003e#15277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.129.2...0.135.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.24.2 to 3.25.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.25.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/513\"\u003etox-dev/filelock#513\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.25.1...3.25.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.25.1...3.25.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.25.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/507\"\u003etox-dev/filelock#507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/511\"\u003etox-dev/filelock#511\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.25.0...3.25.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.25.0...3.25.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.25.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to check workflow by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/500\"\u003etox-dev/filelock#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/501\"\u003etox-dev/filelock#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/504\"\u003etox-dev/filelock#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/506\"\u003etox-dev/filelock#506\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.24.4...3.25.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.24.4...3.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.24.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress ValueError in _try_break_stale_lock for corrupted lock files by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/496\"\u003etox-dev/filelock#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix ValueError in _acquire_transaction_lock when blocking=False with timeout by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/498\"\u003etox-dev/filelock#498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/496\"\u003etox-dev/filelock#496\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.24.3...3.24.4\"\u003ehttps://github.com/tox-dev/filelock/compare/3.24.3...3.24.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.24.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/492\"\u003etox-dev/filelock#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/495\"\u003etox-dev/filelock#495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.26.1 (2026-04-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(asyncio): add \u003cstrong\u003eexit\u003c/strong\u003e to BaseAsyncFileLock and fix \u003cstrong\u003edel\u003c/strong\u003e loop handling :pr:\u003ccode\u003e518\u003c/code\u003e - by :user:\u003ccode\u003enaarob\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:\u003ccode\u003e525\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.26.0 (2026-04-06)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(soft): add PID inspection and lock breaking :pr:\u003ccode\u003e524\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e523\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 :pr:\u003ccode\u003e522\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove persist-credentials: false from release job :pr:\u003ccode\u003e520\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e519\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒 ci(workflows): add zizmor security auditing :pr:\u003ccode\u003e517\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e516\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e514\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.2 (2026-03-11)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:\u003ccode\u003e513\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.1 (2026-03-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e510\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release :pr:\u003ccode\u003e511\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e508\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo :pr:\u003ccode\u003e507\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/5b9872c523b20db569d8832da4fb640e9c175ce6\"\u003e\u003ccode\u003e5b9872c\u003c/code\u003e\u003c/a\u003e Release 3.25.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/42b740aa076e81332402a16244c7cea60ac78851\"\u003e\u003ccode\u003e42b740a\u003c/code\u003e\u003c/a\u003e 🐛 fix(unix): suppress EIO on close in Docker bind mounts (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/513\"\u003e#513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/d8b04b5018932f53b3d2743fadac507dd616af5c\"\u003e\u003ccode\u003ed8b04b5\u003c/code\u003e\u003c/a\u003e Release 3.25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0633386072b71dfd27c6799323aecca45fb6a094\"\u003e\u003ccode\u003e0633386\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/510\"\u003e#510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/7f2247d81bc8eab802821cd40437a61c40368d17\"\u003e\u003ccode\u003e7f2247d\u003c/code\u003e\u003c/a\u003e 🐛 fix(win): restore best-effort lock file cleanup on release (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/511\"\u003e#511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/5ae1c4e36548fc0ff6e24a26cb4187b65f2cdccb\"\u003e\u003ccode\u003e5ae1c4e\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/bcffcfea7a8f616968e7cc45c047cc0d4142a064\"\u003e\u003ccode\u003ebcffcfe\u003c/code\u003e\u003c/a\u003e 📝 docs(logo): add branded project logo (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/507\"\u003e#507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/7f195d9f06e8a96ac7226133a56df41571782183\"\u003e\u003ccode\u003e7f195d9\u003c/code\u003e\u003c/a\u003e Release 3.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/df2754eb4ea2e6e8b7d6fb54896d17163dcd2745\"\u003e\u003ccode\u003edf2754e\u003c/code\u003e\u003c/a\u003e ✨ feat(async): add AsyncReadWriteLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/506\"\u003e#506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8a359c54746ae8252b27b0198c125b741908d88e\"\u003e\u003ccode\u003e8a359c5\u003c/code\u003e\u003c/a\u003e Standardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.24.2...3.25.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fsspec` from 2026.2.0 to 2026.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/49e6189b2cd8ee95b9357bff6a5671ea3b32c2ca\"\u003e\u003ccode\u003e49e6189\u003c/code\u003e\u003c/a\u003e changelog (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2005\"\u003e#2005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e73753a3c9086398a54942d26f7bc4a7232ac336\"\u003e\u003ccode\u003ee73753a\u003c/code\u003e\u003c/a\u003e Remove the deprecated 'pyxet' from the list of libraries (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2001\"\u003e#2001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/4bd065327f496fac714c9891111bc67c8d8cceae\"\u003e\u003ccode\u003e4bd0653\u003c/code\u003e\u003c/a\u003e conf should attempt types (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/463a1f08b52e2637728a28e1371577e8ea21496d\"\u003e\u003ccode\u003e463a1f0\u003c/code\u003e\u003c/a\u003e fix: allow withdirs parameter in glob for AbstractFileSystem (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1998\"\u003e#1998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/19e3cfe92b1bad9f759b4a399c3fbbb518e92455\"\u003e\u003ccode\u003e19e3cfe\u003c/code\u003e\u003c/a\u003e Fix typos (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2003\"\u003e#2003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/90bcbba391bddef400dde62e03c2eea9a2bdbd3d\"\u003e\u003ccode\u003e90bcbba\u003c/code\u003e\u003c/a\u003e fix typo in async docs: 'is' -\u0026gt; 'if' (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1992\"\u003e#1992\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/846c9aa2e1eefe976f4c61bd954e7683ae9e7bb2\"\u003e\u003ccode\u003e846c9aa\u003c/code\u003e\u003c/a\u003e Apply \u003ccode\u003elru_cache\u003c/code\u003e manually per \u003ccode\u003eLazyReferenceMapper\u003c/code\u003e instance (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1985\"\u003e#1985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/fa850c13440b9a649b41afce8f0f4ecca73f9d73\"\u003e\u003ccode\u003efa850c1\u003c/code\u003e\u003c/a\u003e fix putting multiple files using SFTP (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1991\"\u003e#1991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fsspec/filesystem_spec/compare/2026.2.0...2026.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-auth-httplib2` from 0.3.0 to 0.3.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/4e80530190d3e3d7d0dec26b8daf97c2db15c2df\"\u003e\u003ccode\u003e4e80530\u003c/code\u003e\u003c/a\u003e chore: create a release (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16193\"\u003e#16193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/0f8d933cfeca182e00eb589da2ab0df61579c6f1\"\u003e\u003ccode\u003e0f8d933\u003c/code\u003e\u003c/a\u003e chore: add gapic-generator integration test presubmit (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16465\"\u003e#16465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/ab44f7e4224b554e9365aafbd4ecb559ed975aa6\"\u003e\u003ccode\u003eab44f7e\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency requests to v2.33.0 [security] (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16464\"\u003e#16464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/943a979f14b1f39608cdb2658823f087a599e418\"\u003e\u003ccode\u003e943a979\u003c/code\u003e\u003c/a\u003e chore(migration): Migrate code from googleapis/sphinx-docfx-yaml into package...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/8c6703da295ed30200bb38f637b745b64f34d690\"\u003e\u003ccode\u003e8c6703d\u003c/code\u003e\u003c/a\u003e chore(migration): Migrate code from googleapis/gapic-generator-python into pa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/e3731d58d5371f166e75742e257e2524d21e83cb\"\u003e\u003ccode\u003ee3731d5\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into migration.gapic-generator-python.migration.2026-03-2...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/20f57241d9f690abc31c1a19ee5a0d33c667f300\"\u003e\u003ccode\u003e20f5724\u003c/code\u003e\u003c/a\u003e Trigger CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/76a8b58e1f73328243ff838a4652bdcc4ead31b5\"\u003e\u003ccode\u003e76a8b58\u003c/code\u003e\u003c/a\u003e chore: skip spanner django presubmits using dorny filter (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16196\"\u003e#16196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/7a05a34dc0d4bd9ded9ab3ce97b5e61f2780e081\"\u003e\u003ccode\u003e7a05a34\u003c/code\u003e\u003c/a\u003e chore: create a release (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16191\"\u003e#16191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/46ee8a094fdb121f49fa600f91d1b8c0818a9253\"\u003e\u003ccode\u003e46ee8a0\u003c/code\u003e\u003c/a\u003e fix presubmit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/google-auth-httplib2-v0.3.0...google-auth-httplib2-v0.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-auth` from 2.48.0 to 2.49.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-python/releases\"\u003egoogle-auth's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.49.0.dev0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-python/compare/v2.48.0...v2.49.0-dev0\"\u003e2.49.0-dev0\u003c/a\u003e (2026-01-26)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eremove deprecated rsa dependency (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/e98cf69284d3620619a70b54fb0b9533caf11878\"\u003ee98cf69284d3620619a70b54fb0b9533caf11878\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md\"\u003egoogle-auth's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://pypi.org/project/google-auth/#history\"\u003ePyPI History\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/googleapis/google-auth-library-python/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.3.2 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.4.0 (2026-04-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eP...\n\n_Description has been truncated_","html_url":"https://github.com/Pha6ha007/proof-sales-platform/pull/19","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pha6ha007%2Fproof-sales-platform/issues/19","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/19/packages"},{"uuid":"4251309235","node_id":"PR_kwDORju0hs7R3e9j","number":25,"state":"closed","title":"Bump the pip-dependencies group across 1 directory with 26 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-20T04:39:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-13T04:39:43.000Z","updated_at":"2026-04-20T04:39:09.000Z","time_to_close":604764,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip-dependencies","update_count":26,"packages":[{"name":"alembic","old_version":"1.14.0","new_version":"1.18.4","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"click","old_version":"8.3.1","new_version":"8.3.2","repository_url":"https://github.com/pallets/click"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"email-validator","old_version":"2.2.0","new_version":"2.3.0","repository_url":"https://github.com/JoshData/python-email-validator"},{"name":"fastapi","old_version":"0.115.0","new_version":"0.135.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"greenlet","old_version":"3.3.2","new_version":"3.4.0","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"psycopg2-binary","old_version":"2.9.10","new_version":"2.9.11","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic-settings","old_version":"2.6.1","new_version":"2.13.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.45.0","repository_url":"https://github.com/pydantic/pydantic-core"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-jose","old_version":"3.3.0","new_version":"3.5.0","repository_url":"https://github.com/mpdavis/python-jose"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"sqlalchemy","old_version":"2.0.36","new_version":"2.0.49","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"starlette","old_version":"0.38.6","new_version":"1.0.0","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.30.6","new_version":"0.44.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"celery","old_version":"5.4.0","new_version":"5.6.3","repository_url":"https://github.com/celery/celery"},{"name":"redis","old_version":"5.2.0","new_version":"7.4.0","repository_url":"https://github.com/redis/redis-py"},{"name":"kombu","old_version":"5.3.4","new_version":"5.6.2","repository_url":"https://github.com/celery/kombu"},{"name":"hdbscan","old_version":"0.8.41","new_version":"0.8.42","repository_url":"https://github.com/scikit-learn-contrib/hdbscan"},{"name":"torch","old_version":"2.7.1+cpu","new_version":"2.11.0+cpu"},{"name":"sentence-transformers","old_version":"5.2.3","new_version":"5.4.0","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"transformers","old_version":"5.3.0","new_version":"5.5.3","repository_url":"https://github.com/huggingface/transformers"},{"name":"numpy","old_version":"2.4.3","new_version":"2.4.4","repository_url":"https://github.com/numpy/numpy"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-dependencies group with 26 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [alembic](https://github.com/sqlalchemy/alembic) | `1.14.0` | `1.18.4` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.2` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [email-validator](https://github.com/JoshData/python-email-validator) | `2.2.0` | `2.3.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.115.0` | `0.135.3` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.4.0` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.10` | `2.9.11` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.6.1` | `2.13.1` |\n| [pydantic-core](https://github.com/pydantic/pydantic-core) | `2.41.5` | `2.45.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.5.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.26` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.36` | `2.0.49` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `1.0.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.30.6` | `0.44.0` |\n| [celery](https://github.com/celery/celery) | `5.4.0` | `5.6.3` |\n| [redis](https://github.com/redis/redis-py) | `5.2.0` | `7.4.0` |\n| [kombu](https://github.com/celery/kombu) | `5.3.4` | `5.6.2` |\n| [hdbscan](https://github.com/scikit-learn-contrib/hdbscan) | `0.8.41` | `0.8.42` |\n| torch | `2.7.1+cpu` | `2.11.0+cpu` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.2.3` | `5.4.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.3.0` | `5.5.3` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.3` | `2.4.4` |\n\n\nUpdates `alembic` from 1.14.0 to 1.18.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.4\u003c/h1\u003e\n\u003cp\u003eReleased: February 10, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [operations]\u003c/strong\u003e Reverted the behavior of \u003ccode\u003eOperations.add_column()\u003c/code\u003e that would\nautomatically render the \u0026quot;PRIMARY KEY\u0026quot; keyword inline when a\n\u003ccode\u003eColumn\u003c/code\u003e with \u003ccode\u003eprimary_key=True\u003c/code\u003e is added. The automatic\nbehavior, added in version 1.18.2, is now opt-in via the new\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter. This\nchange restores the ability to render a PostgreSQL SERIAL column, which is\nrequired to be \u003ccode\u003eprimary_key=True\u003c/code\u003e, while not impacting the ability to\nrender a separate primary key constraint. This also provides consistency\nwith the \u003ccode\u003eOperations.add_column.inline_references\u003c/code\u003e parameter and\ngives users explicit control over SQL generation.\u003c/p\u003e\n\u003cp\u003eTo render PRIMARY KEY inline, use the\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter set to\n\u003ccode\u003eTrue\u003c/code\u003e:\u003c/p\u003e\n\u003cp\u003eop.add_column(\n\u0026quot;my_table\u0026quot;,\nColumn(\u0026quot;id\u0026quot;, Integer, primary_key=True),\ninline_primary_key=True\n)References: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1232\"\u003e#1232\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.18.3\u003c/h1\u003e\n\u003cp\u003eReleased: January 29, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [autogenerate]\u003c/strong\u003e Fixed regression in version 1.18.0 due to \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e where autogenerate\nwould raise \u003ccode\u003eNoReferencedTableError\u003c/code\u003e when a foreign key constraint\nreferenced a table that was not part of the initial table load, including\ntables filtered out by the\n\u003ccode\u003eEnvironmentContext.configure.include_name\u003c/code\u003e callable or tables\nin remote schemas that were not included in the initial reflection run.\u003c/p\u003e\n\u003cp\u003eThe change in \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e was a performance optimization that eliminated\nadditional reflection queries for tables that were only referenced by\nforeign keys but not explicitly included in the main reflection run.\nHowever, this optimization inadvertently removed the creation of\n\u003ccode\u003eTable\u003c/code\u003e objects for these referenced tables, causing autogenerate\nto fail when processing foreign key constraints that pointed to them.\u003c/p\u003e\n\u003cp\u003eThe fix creates placeholder \u003ccode\u003eTable\u003c/code\u003e objects for foreign key targets\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3084\"\u003e#3084\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3152\"\u003e#3152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3136\"\u003e#3136\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3199\"\u003e#3199\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3202\"\u003e#3202\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3209\"\u003e#3209\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3212\"\u003e#3212\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2991\"\u003e#2991\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2993\"\u003e#2993\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3110\"\u003e#3110\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3140\"\u003e#3140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3121\"\u003e#3121\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3201\"\u003e#3201\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3213\"\u003e#3213\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n:issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e2991\u003c/code\u003e :issue:\u003ccode\u003e2993\u003c/code\u003e :issue:\u003ccode\u003e3110\u003c/code\u003e :pr:\u003ccode\u003e3139\u003c/code\u003e :pr:\u003ccode\u003e3140\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. :pr:\u003ccode\u003e3139\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. :issue:\u003ccode\u003e3121\u003c/code\u003e :pr:\u003ccode\u003e3201\u003c/code\u003e :pr:\u003ccode\u003e3213\u003c/code\u003e :pr:\u003ccode\u003e3225\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/052c006033729bbb422cbdad0c4fee988ecb5aa5\"\u003e\u003ccode\u003e052c006\u003c/code\u003e\u003c/a\u003e Change update release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/502b7ce7b131473ef00a3586e60bb000f33b4c43\"\u003e\u003ccode\u003e502b7ce\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' of \u003ca href=\"https://github.com/pallets/click\"\u003ehttps://github.com/pallets/click\u003c/a\u003e into release-8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a0a37e411820861d48e21b131fdd840abaf746e0\"\u003e\u003ccode\u003ea0a37e4\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3301\"\u003e#3301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/57be6fc2b40eb40279d022e6aabc983ee0dfb7a9\"\u003e\u003ccode\u003e57be6fc\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/781d6a88bdd30229e72a84cd6753b0235f339679\"\u003e\u003ccode\u003e781d6a8\u003c/code\u003e\u003c/a\u003e Update publish workflows (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ff795b66ba945239c779b528171f5fe4536cf844\"\u003e\u003ccode\u003eff795b6\u003c/code\u003e\u003c/a\u003e Update precommit pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dd87ef4f9fa7d6f13e14885e9a6842a21ededebc\"\u003e\u003ccode\u003edd87ef4\u003c/code\u003e\u003c/a\u003e Update github action pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/93d3f9d22e90035bc2b51c2183c15bd4a021376f\"\u003e\u003ccode\u003e93d3f9d\u003c/code\u003e\u003c/a\u003e Release version 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3299ba1a8a5de34b24a7226a683a837d8a0857e7\"\u003e\u003ccode\u003e3299ba1\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b7f62c4d002e5b5bca3ebef6b995b7338740fe6f\"\u003e\u003ccode\u003eb7f62c4\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `email-validator` from 2.2.0 to 2.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/releases\"\u003eemail-validator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md\"\u003eemail-validator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.0 (August 26, 2025)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/030a63a183a6a66450e98381ca9a23ab9769706a\"\u003e\u003ccode\u003e030a63a\u003c/code\u003e\u003c/a\u003e Version 2.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/e943a0f07f5c130b4a419e0cd79f705f36bf24fe\"\u003e\u003ccode\u003ee943a0f\u003c/code\u003e\u003c/a\u003e Raise TypeError when an invalid argument is passed for email, closes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/155\"\u003e#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/f90d256045dc1ccbcffd5514189267d14a9e3ea1\"\u003e\u003ccode\u003ef90d256\u003c/code\u003e\u003c/a\u003e Remove local part length check unless new strict flag is given, fixes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/158\"\u003e#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/98800bac023b8713351393a5043034065f1ea6cb\"\u003e\u003ccode\u003e98800ba\u003c/code\u003e\u003c/a\u003e Add explicit checks for internationalized domain name characters invalid unde...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/936aead3bf5c608f8561954e0d2955b7f97bfdad\"\u003e\u003ccode\u003e936aead\u003c/code\u003e\u003c/a\u003e Fix final syntax checks on normalized internationalized domains checking the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/8043de49596f08d54a07e2bc7c442ced074216a6\"\u003e\u003ccode\u003e8043de4\u003c/code\u003e\u003c/a\u003e NFC-normalize display names per UTS \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/39\"\u003e#39\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/bc08faa2a74b51a9e7ba7ff4f995c0b475cb5b12\"\u003e\u003ccode\u003ebc08faa\u003c/code\u003e\u003c/a\u003e Add one-off error messages for full-width-at and small-commercial-at which ar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/a1c90ab58fb0f5d969a8351a68ca15bff068527c\"\u003e\u003ccode\u003ea1c90ab\u003c/code\u003e\u003c/a\u003e Split exceptions_types.py into exceptions.py and types.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/dbcf07cc5c8066c14b6dc58d2dbb4a1e582eeefd\"\u003e\u003ccode\u003edbcf07c\u003c/code\u003e\u003c/a\u003e Change package name from using underscore to dash to match PyPi normalized pa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/7c22208ee5b82c377e960ddcea5293691eadc6cc\"\u003e\u003ccode\u003e7c22208\u003c/code\u003e\u003c/a\u003e Support ALLOW_DISPLAY_NAME and ALLOW_EMPTY_LOCAL in the CLI (\u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/JoshData/python-email-validator/compare/v2.2.0...v2.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.115.0 to 0.135.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15280\"\u003e#15280\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eNew docs: \u003ca href=\"https://fastapi.tiangolo.com/advanced/vibe/\"\u003eVibe Coding\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✏️ Fix typo for \u003ccode\u003eclient_secret\u003c/code\u003e in OAuth2 form docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14946\"\u003e#14946\u003c/a\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👥 Update FastAPI People - Experts. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15279\"\u003e#15279\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump orjson from 3.11.7 to 3.11.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15276\"\u003e#15276\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.0 to 0.15.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15277\"\u003e#15277\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI GitHub topic repositories. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15274\"\u003e#15274\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15267\"\u003e#15267\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI People - Contributors and Translators. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15270\"\u003e#15270\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump requests from 2.32.5 to 2.33.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15228\"\u003e#15228\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Add ty check to \u003ccode\u003elint.sh\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15136\"\u003e#15136\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.2\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Increase lower bound to \u003ccode\u003epydantic \u0026gt;=2.9.0.\u003c/code\u003e and fix the test suite. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15139\"\u003e#15139\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add missing last release notes dates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15202\"\u003e#15202\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs for contributors and team members regarding translation PRs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15200\"\u003e#15200\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15094\"\u003e#15094\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix duplicated words in docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15116\"\u003e#15116\u003c/a\u003e by \u003ca href=\"https://github.com/AhsanSheraz\"\u003e\u003ccode\u003e@​AhsanSheraz\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs for \u003ccode\u003epyproject.toml\u003c/code\u003e with \u003ccode\u003eentrypoint\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15075\"\u003e#15075\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update links in docs to no longer use the classes external-link and internal-link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15061\"\u003e#15061\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add JS and CSS handling for automatic \u003ccode\u003etarget=_blank\u003c/code\u003e for links in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15063\"\u003e#15063\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Update styles for internal and external links in new tab. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15058\"\u003e#15058\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝  Add documentation for the FastAPI VS Code extension. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15008\"\u003e#15008\u003c/a\u003e by \u003ca href=\"https://github.com/savannahostrowski\"\u003e\u003ccode\u003e@​savannahostrowski\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix doctrings for \u003ccode\u003emax_digits\u003c/code\u003e and \u003ccode\u003edecimal_places\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14944\"\u003e#14944\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15001\"\u003e#15001\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15177\"\u003e#15177\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15178\"\u003e#15178\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15176\"\u003e#15176\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15175\"\u003e#15175\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15171\"\u003e#15171\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15170\"\u003e#15170\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15172\"\u003e#15172\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15168\"\u003e#15168\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/1f442c454f2f74c7419f83c203e6333955399528\"\u003e\u003ccode\u003e1f442c4\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.135.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/8f5d1577b471f389f6cdea878d40a1497fda7746\"\u003e\u003ccode\u003e8f5d157\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428452a710338334ae11043a48b06d52d9b3edba\"\u003e\u003ccode\u003e428452a\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/70580da818722cce68b7a88928d67bd0f64f42c5\"\u003e\u003ccode\u003e70580da\u003c/code\u003e\u003c/a\u003e ✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15280\"\u003e#15280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6ee87478d821171139264cd9cd17cbd2232934ce\"\u003e\u003ccode\u003e6ee8747\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3e72c09a2abfe9e1b55eede6a297cb1847126e49\"\u003e\u003ccode\u003e3e72c09\u003c/code\u003e\u003c/a\u003e 👥 Update FastAPI People - Experts (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15279\"\u003e#15279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/96df35f7a4337d612811483d8ade74f91cce2d61\"\u003e\u003ccode\u003e96df35f\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6c8112555bd86f21cfee8500140dca094ad26e20\"\u003e\u003ccode\u003e6c81125\u003c/code\u003e\u003c/a\u003e ⬆ Bump orjson from 3.11.7 to 3.11.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15276\"\u003e#15276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428f82c93616b52aee2fcee03484a855135c07e5\"\u003e\u003ccode\u003e428f82c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/5599c59b9e7112109f04b63a58034fb95833f514\"\u003e\u003ccode\u003e5599c59\u003c/code\u003e\u003c/a\u003e ⬆ Bump ruff from 0.15.0 to 0.15.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15277\"\u003e#15277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.115.0...0.135.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.3.2 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.4.0 (2026-04-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePublish binary wheels for RiscV 64.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix multiple rare crash paths during interpreter shutdown.\u003c/p\u003e\n\u003cp\u003eNote that this now relies on the \u003ccode\u003eatexit\u003c/code\u003e module, and introduces\nsubtle API changes during interpreter shutdown (for example,\n\u003ccode\u003egetcurrent\u003c/code\u003e is no longer available once the \u003ccode\u003eatexit\u003c/code\u003e callback fires).\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR [#499](https://github.com/python-greenlet/greenlet/issues/499) \u0026lt;https://github.com/python-greenlet/greenlet/pull/499\u0026gt;\u003c/code\u003e_ by Nicolas\nBouvrette.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress the results of an automated code audit performed by\nDaniel Diniz. This includes several minor correctness changes that\ntheoretically could have been crashing bugs, but typically only in\nvery rare circumstances.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR 502 \u0026lt;https://github.com/python-greenlet/greenlet/pull/502\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix several race conditions that could arise in free-threaded\nbuilds when using greenlet objects from multiple threads, some of\nwhich could lead to assertion failures or interpreter crashes.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003eissue 503 \u0026lt;https://github.com/python-greenlet/greenlet/issues/503\u0026gt;\u003c/code\u003e_, with\nthanks to Nitay Dariel and Daniel Diniz.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/df6734edbef6a0e54ecc4ba4735d93ae6d721095\"\u003e\u003ccode\u003edf6734e\u003c/code\u003e\u003c/a\u003e Preparing release 3.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/0f860756608b767b2ed70f935053b319d1a1b828\"\u003e\u003ccode\u003e0f86075\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/504\"\u003e#504\u003c/a\u003e from python-greenlet/freethreading-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/459657482f3efaee294edff672bde45ac3fac208\"\u003e\u003ccode\u003e4596574\u003c/code\u003e\u003c/a\u003e TLBC: crash appears to still happen on CI 3.14t ubuntu. Re-enable workaround.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/2f4a1cf53fa282ab28ea4815164a9cb09b9320ce\"\u003e\u003ccode\u003e2f4a1cf\u003c/code\u003e\u003c/a\u003e Make green_switch (python level greenlet.switch) and green_throw check for (p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/a0c2a2a7519985d5fe2c034a54f1a0fed82a5905\"\u003e\u003ccode\u003ea0c2a2a\u003c/code\u003e\u003c/a\u003e Fix unused variable warning when asserts are disabled.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/8688581392187d68f35180148fcd6fb4fd9a972f\"\u003e\u003ccode\u003e8688581\u003c/code\u003e\u003c/a\u003e gcc was complaining about an incomplete std::atomic type. make sure we includ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/449c76045b71f7f96c48e8d62672e5382b17cc3d\"\u003e\u003ccode\u003e449c760\u003c/code\u003e\u003c/a\u003e Make MainGreenlet._thread_state atomic; we use it for cross thread checking a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/f840e00dea524c20801bcb4f8764b968590eb6ba\"\u003e\u003ccode\u003ef840e00\u003c/code\u003e\u003c/a\u003e Add critical sections to greenlet attribute accessors.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/6b281d3eca96ec82a87067b2016241296e4c60e9\"\u003e\u003ccode\u003e6b281d3\u003c/code\u003e\u003c/a\u003e test_contextvars: No need for the fallback case where contextvars isn't avail...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/f52615ae64f73b19e53e71cd1e12cbb1841246ff\"\u003e\u003ccode\u003ef52615a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/502\"\u003e#502\u003c/a\u003e from python-greenlet/devdanzin-audit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-greenlet/greenlet/compare/3.3.2...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psycopg2-binary` from 2.9.10 to 2.9.11\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psycopg/psycopg2/blob/master/NEWS\"\u003epsycopg2-binary's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCurrent release\u003c/h2\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.11\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAvoid a segfault passing more arguments than placeholders if Python is built\nwith assertions enabled (:ticket:\u003ccode\u003e[#1791](https://github.com/psycopg/psycopg2/issues/1791)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd riscv64 platform binary packages (:ticket:\u003ccode\u003e[#1813](https://github.com/psycopg/psycopg2/issues/1813)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 18.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.10\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13.\u003c/li\u003e\n\u003cli\u003eReceive notifications on commit (:ticket:\u003ccode\u003e[#1728](https://github.com/psycopg/psycopg2/issues/1728)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 17.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.9\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.6.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.8\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWheel package bundled with PostgreSQL 16 libpq in order to add support for\nrecent features, such as \u003ccode\u003esslcertmode\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.7\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix propagation of exceptions raised during module initialization\n(:ticket:\u003ccode\u003e[#1598](https://github.com/psycopg/psycopg2/issues/1598)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix building when pg_config returns an empty string (:ticket:\u003ccode\u003e[#1599](https://github.com/psycopg/psycopg2/issues/1599)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eWheel package bundled with OpenSSL 1.1.1v.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.6\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/fd9ae8cad2bcfc3e7e9410e7b6f07cda8f4f05ec\"\u003e\u003ccode\u003efd9ae8c\u003c/code\u003e\u003c/a\u003e chore: bump to version 2.9.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d923840546942534f0956d9202f914fd9feac5fd\"\u003e\u003ccode\u003ed923840\u003c/code\u003e\u003c/a\u003e chore: update docs requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d42dc7169d3cd93517e282e9ef5dc2a2b40650a2\"\u003e\u003ccode\u003ed42dc71\u003c/code\u003e\u003c/a\u003e Merge branch 'fix-1791'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4fde6560c32f06ad1304404c9f7f86148dcc4be0\"\u003e\u003ccode\u003e4fde656\u003c/code\u003e\u003c/a\u003e fix: avoid failed assert passing more arguments than placeholders\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/8308c19d6af0d904b313997539ed33415990a74e\"\u003e\u003ccode\u003e8308c19\u003c/code\u003e\u003c/a\u003e fix: drop warning about the use of deprecated PyWeakref_GetObject function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1a1eabf098a3374409bb2ab4b594777b900f396d\"\u003e\u003ccode\u003e1a1eabf\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 7 to 8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/897af8b38beda851d7257dfc525129e37c0ec9e0\"\u003e\u003ccode\u003e897af8b\u003c/code\u003e\u003c/a\u003e build(deps): bump peter-evans/repository-dispatch from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/ceefd305117113ca10e383a626e87ba0796f3638\"\u003e\u003ccode\u003eceefd30\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 4 to 5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4dc585430cabe94cee96c5a9de0265d0f55370f1\"\u003e\u003ccode\u003e4dc5854\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/setup-python from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1945788dcf6172bb1b9328ebc3587ccf0e6a659c\"\u003e\u003ccode\u003e1945788\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg2/issues/1802\"\u003e#1802\u003c/a\u003e from edgarrmondragon/cp314-wheels\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psycopg/psycopg2/compare/2.9.10...2.9.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.2 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.2...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.6.1 to 2.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Deterministic alias selection when using validate_by_name by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/707\"\u003epydantic/pydantic-settings#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd deep merge functionality to config file sources by \u003ca href=\"https://github.com/pmeier\"\u003e\u003ccode\u003e@​pmeier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/698\"\u003epydantic/pydantic-settings#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for AWS Secrets Manager VersionId parameter by \u003ca href=\"https://github.com/jcyamacho\"\u003e\u003ccode\u003e@​jcyamacho\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/708\"\u003epydantic/pydantic-settings#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebugfix: Return \u003ccode\u003eNone\u003c/code\u003e for inaccessible GCP Secret Manager secrets by \u003ca href=\"https://github.com/zaphod72\"\u003e\u003ccode\u003e@​zaphod72\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/712\"\u003epydantic/pydantic-settings#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBugfix for cli_kebab_case=\u0026quot;all\u0026quot; and CliImplicitFlag[bool] by \u003ca href=\"https://github.com/Digity101\"\u003e\u003ccode\u003e@​Digity101\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/702\"\u003epydantic/pydantic-settings#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUnpack type alisases when looking for \u003ccode\u003eNoDecode\u003c/code\u003e by \u003ca href=\"https://github.com/tselepakis\"\u003e\u003ccode\u003e@​tselepakis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/695\"\u003epydantic/pydantic-settings#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCliToggleFlag and CliDualFlag by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/717\"\u003epydantic/pydantic-settings#717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for CLI duplicate enum field values. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/722\"\u003epydantic/pydantic-settings#722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixed load nested config from env by \u003ca href=\"https://github.com/Sube-py\"\u003e\u003ccode\u003e@​Sube-py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/723\"\u003epydantic/pydantic-settings#723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd non-Path files support (for example Traversable) and open files using Path.open method by \u003ca href=\"https://github.com/mahenzon\"\u003e\u003ccode\u003e@​mahenzon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/724\"\u003epydantic/pydantic-settings#724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd one more traversable test by \u003ca href=\"https://github.com/mahenzon\"\u003e\u003ccode\u003e@​mahenzon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/725\"\u003epydantic/pydantic-settings#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI fix fox external list args. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/727\"\u003epydantic/pydantic-settings#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle case-insensitive retrieval in GoogleSecretManagerSettingsSource by \u003ca href=\"https://github.com/ezwiefel\"\u003e\u003ccode\u003e@​ezwiefel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/730\"\u003epydantic/pydantic-settings#730\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI test fixes for help text formatting. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/735\"\u003epydantic/pydantic-settings#735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid conflicts with the \u003ccode\u003eNAME\u003c/code\u003e environment variable in WSL by \u003ca href=\"https://github.com/kzrnm\"\u003e\u003ccode\u003e@​kzrnm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/747\"\u003epydantic/pydantic-settings#747\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: When restoring init kwargs, use deterministic order by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/746\"\u003epydantic/pydantic-settings#746\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd env_prefix_target by \u003ca href=\"https://github.com/kzrnm\"\u003e\u003ccode\u003e@​kzrnm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/749\"\u003epydantic/pydantic-settings#749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003e(default: …)\u003c/code\u003e in the help message for \u003ccode\u003eCliToggleFlag\u003c/code\u003e by \u003ca href=\"https://github.com/kzrnm\"\u003e\u003ccode\u003e@​kzrnm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/740\"\u003epydantic/pydantic-settings#740\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for CLI serialize styles. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/755\"\u003epydantic/pydantic-settings#755\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for overriding default help on CLI internal parser. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/758\"\u003epydantic/pydantic-settings#758\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI format_help method support by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/759\"\u003epydantic/pydantic-settings#759\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(gcp): support SecretVersion annotation for per-field secret versioning by \u003ca href=\"https://github.com/ezwiefel\"\u003e\u003ccode\u003e@​ezwiefel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/763\"\u003epydantic/pydantic-settings#763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003esnake_case_conversion\u003c/code\u003e with \u003ccode\u003eenv_prefix\u003c/code\u003e for Azure Key Vault source by \u003ca href=\"https://github.com/cstarkers\"\u003e\u003ccode\u003e@​cstarkers\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/762\"\u003epydantic/pydantic-settings#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Only override preferred_key when no value was found by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/767\"\u003epydantic/pydantic-settings#767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate deps by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/768\"\u003epydantic/pydantic-settings#768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI coerce numeric types. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/769\"\u003epydantic/pydantic-settings#769\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI Union Discriminator Choices in Help by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/764\"\u003epydantic/pydantic-settings#764\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd nested path support for yaml_config_section (fixes \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/772\"\u003e#772\u003c/a\u003e) by \u003ca href=\"https://github.com/hugo-romero-mm\"\u003e\u003ccode\u003e@​hugo-romero-mm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/773\"\u003epydantic/pydantic-settings#773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.13.0 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/777\"\u003epydantic/pydantic-settings#777\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pmeier\"\u003e\u003ccode\u003e@​pmeier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/698\"\u003epydantic/pydantic-settings#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jcyamacho\"\u003e\u003ccode\u003e@​jcyamacho\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/708\"\u003epydantic/pydantic-settings#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zaphod72\"\u003e\u003ccode\u003e@​zaphod72\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/712\"\u003epydantic/pydantic-settings#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Digity101\"\u003e\u003ccode\u003e@​Digity101\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/702\"\u003epydantic/pydantic-settings#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Sube-py\"\u003e\u003ccode\u003e@​Sube-py\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/723\"\u003epydantic/pydantic-settings#723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahenzon\"\u003e\u003ccode\u003e@​mahenzon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/724\"\u003epydantic/pydantic-settings#724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kzrnm\"\u003e\u003ccode\u003e@​kzrnm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/747\"\u003epydantic/pydantic-settings#747\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cstarkers\"\u003e\u003ccode\u003e@​cstarkers\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/762\"\u003epydantic/pydantic-settings#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hugo-romero-mm\"\u003e\u003ccode\u003e@​hugo-romero-mm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/773\"\u003epydantic/pydantic-settings#773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.12.0...v2.13.0\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.12.0...v2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.12.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for enum kebab case. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/686\"\u003epydantic/pydantic-settings#686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply source order: init \u0026gt; env \u0026gt; dotenv \u0026gt; secrets \u0026gt; defaults and pres… by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/688\"\u003epydantic/pydantic-settings#688\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd NestedSecretsSettings source by \u003ca href=\"https://github.com/makukha\"\u003e\u003ccode\u003e@​makukha\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/690\"\u003epydantic/pydantic-settings#690\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e87d12df0f42f7f72a3eb6d830cfbfb1d68b4496\"\u003e\u003ccode\u003ee87d12d\u003c/code\u003e\u003c/a\u003e v2.13.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/790\"\u003e#790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/acf8c14f5ec314799f5bd0d3f6a1591c4ed2ec97\"\u003e\u003ccode\u003eacf8c14\u003c/code\u003e\u003c/a\u003e Fix JSON decoding for parameterized PEP 695 type aliases (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/780\"\u003e#780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/58b236a36473e01bfe42e5f75d39d46721e0593d\"\u003e\u003ccode\u003e58b236a\u003c/code\u003e\u003c/a\u003e Fix AttributeError with nested env vars for dict fields (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/785\"\u003e#785\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/786\"\u003e#786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/4933f06402ed55e32bcdcefd6c8f59ffe1fefd24\"\u003e\u003ccode\u003e4933f06\u003c/code\u003e\u003c/a\u003e Fix CLI parsing error for set field types since 2.13.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/787\"\u003e#787\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/788\"\u003e#788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/bd0ebe6215cf215d716e33d833cc2589a1d00a17\"\u003e\u003ccode\u003ebd0ebe6\u003c/code\u003e\u003c/a\u003e Fix RecursionError with self-referential models in CliApp (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/783\"\u003e#783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eb7840e9f59a7969b23afdbcc4e5081e037736d8\"\u003e\u003ccode\u003eeb7840e\u003c/code\u003e\u003c/a\u003e Fix regression for bool fields since 2.13.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/784\"\u003e#784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/198e71cf0cd570501535de7ae93a70953150f073\"\u003e\u003ccode\u003e198e71c\u003c/code\u003e\u003c/a\u003e Prepare release 2.13.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/777\"\u003e#777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/de71e84057b63b251ec84883b5e2ae886f82084f\"\u003e\u003ccode\u003ede71e84\u003c/code\u003e\u003c/a\u003e Add nested path support for yaml_config_section (fixes \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/772\"\u003e#772\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/773\"\u003e#773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0f8f951b89b137bd563ce74dac016ba2c4cdc7a2\"\u003e\u003ccode\u003e0f8f951\u003c/code\u003e\u003c/a\u003e CLI Union Discriminator Choices in Help (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/ce9804c4620d38f0c3b3c1e3ebe10d934fd4ba2e\"\u003e\u003ccode\u003ece9804c\u003c/code\u003e\u003c/a\u003e CLI coerce numeric types. (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/769\"\u003e#769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.6.1...v2.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-core` from 2.41.5 to 2.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic-core/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590...\n\n_Description has been truncated_","html_url":"https://github.com/smario-7/zebrapoint/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smario-7%2Fzebrapoint/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"},{"uuid":"4209568845","node_id":"PR_kwDORju0hs7QHZWD","number":21,"state":"closed","title":"Bump the pip-dependencies group across 1 directory with 25 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-13T04:38:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-06T04:39:11.000Z","updated_at":"2026-04-13T04:38:07.000Z","time_to_close":604734,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip-dependencies","update_count":25,"packages":[{"name":"torch","old_version":"2.7.1+cpu","new_version":"2.11.0+cpu"},{"name":"sentence-transformers","old_version":"5.2.3","new_version":"5.3.0","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"transformers","old_version":"5.3.0","new_version":"5.5.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"numpy","old_version":"2.4.3","new_version":"2.4.4","repository_url":"https://github.com/numpy/numpy"},{"name":"hdbscan","old_version":"0.8.41","new_version":"0.8.42","repository_url":"https://github.com/scikit-learn-contrib/hdbscan"},{"name":"alembic","old_version":"1.14.0","new_version":"1.18.4","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"click","old_version":"8.3.1","new_version":"8.3.2","repository_url":"https://github.com/pallets/click"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"email-validator","old_version":"2.2.0","new_version":"2.3.0","repository_url":"https://github.com/JoshData/python-email-validator"},{"name":"fastapi","old_version":"0.115.0","new_version":"0.135.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"psycopg2-binary","old_version":"2.9.10","new_version":"2.9.11","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic-settings","old_version":"2.6.1","new_version":"2.13.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.45.0","repository_url":"https://github.com/pydantic/pydantic-core"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-jose","old_version":"3.3.0","new_version":"3.5.0","repository_url":"https://github.com/mpdavis/python-jose"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.24","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"sqlalchemy","old_version":"2.0.36","new_version":"2.0.49","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"starlette","old_version":"0.38.6","new_version":"1.0.0","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.30.6","new_version":"0.43.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"celery","old_version":"5.4.0","new_version":"5.6.3","repository_url":"https://github.com/celery/celery"},{"name":"redis","old_version":"5.2.0","new_version":"7.4.0","repository_url":"https://github.com/redis/redis-py"},{"name":"kombu","old_version":"5.3.4","new_version":"5.6.2","repository_url":"https://github.com/celery/kombu"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-dependencies group with 25 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| torch | `2.7.1+cpu` | `2.11.0+cpu` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.2.3` | `5.3.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.3.0` | `5.5.0` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.3` | `2.4.4` |\n| [hdbscan](https://github.com/scikit-learn-contrib/hdbscan) | `0.8.41` | `0.8.42` |\n| [alembic](https://github.com/sqlalchemy/alembic) | `1.14.0` | `1.18.4` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.2` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [email-validator](https://github.com/JoshData/python-email-validator) | `2.2.0` | `2.3.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.115.0` | `0.135.3` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.10` | `2.9.11` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.6.1` | `2.13.1` |\n| [pydantic-core](https://github.com/pydantic/pydantic-core) | `2.41.5` | `2.45.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.5.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.24` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.36` | `2.0.49` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `1.0.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.30.6` | `0.43.0` |\n| [celery](https://github.com/celery/celery) | `5.4.0` | `5.6.3` |\n| [redis](https://github.com/redis/redis-py) | `5.2.0` | `7.4.0` |\n| [kombu](https://github.com/celery/kombu) | `5.3.4` | `5.6.2` |\n\n\nUpdates `torch` from 2.7.1+cpu to 2.11.0+cpu\n\nUpdates `sentence-transformers` from 5.2.3 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/sentence-transformers/releases\"\u003esentence-transformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0 - Improved Contrastive Learning, New Losses, and Transformers v5 Compatibility\u003c/h2\u003e\n\u003cp\u003eThis minor version brings several improvements to contrastive learning: \u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e now supports alternative InfoNCE formulations (symmetric, GTE-style) and optional hardness weighting for harder negatives. Two new losses are introduced, \u003ccode\u003eGlobalOrthogonalRegularizationLoss\u003c/code\u003e for embedding space regularization and \u003ccode\u003eCachedSpladeLoss\u003c/code\u003e for memory-efficient SPLADE training. The release also adds a faster hashed batch sampler, fixes \u003ccode\u003eGroupByLabelBatchSampler\u003c/code\u003e for triplet losses, and ensures full compatibility with the latest Transformers v5 versions.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e# Training + Inference\r\npip install sentence-transformers[train]==5.3.0\r\n\u003ch1\u003eInference only, use one of:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers==5.3.0\npip install sentence-transformers[onnx-gpu]==5.3.0\npip install sentence-transformers[onnx]==5.3.0\npip install sentence-transformers[openvino]==5.3.0\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eUpdated MultipleNegativesRankingLoss (a.k.a. InfoNCE)\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e received two major upgrades: support for alternative InfoNCE formulations from the literature, and optional hardness weighting to up-weight harder negatives.\u003c/p\u003e\n\u003ch3\u003eSupport other InfoNCE variants (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3607\"\u003e#3607\u003c/a\u003e)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e now supports several well-known contrastive loss variants from the literature through new \u003ccode\u003edirections\u003c/code\u003e and \u003ccode\u003epartition_mode\u003c/code\u003e parameters. Previously, this loss only supported the standard forward direction (query → doc). You can now configure which similarity interactions are included in the loss:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;query_to_doc\u0026quot;\u003c/code\u003e (default): For each query, its matched document should score higher than all other documents.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;doc_to_query\u0026quot;\u003c/code\u003e: The symmetric reverse — for each document, its matched query should score higher than all other queries.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;query_to_query\u0026quot;\u003c/code\u003e: For each query, all other queries should score lower than its matched document.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;doc_to_doc\u0026quot;\u003c/code\u003e: For each document, all other documents should score lower than its matched query.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe \u003ccode\u003epartition_mode\u003c/code\u003e controls how scores are normalized: \u003ccode\u003e\u0026quot;joint\u0026quot;\u003c/code\u003e computes a single softmax over all directions, while \u003ccode\u003e\u0026quot;per_direction\u0026quot;\u003c/code\u003e computes a separate softmax per direction and averages the losses.\u003c/p\u003e\n\u003cp\u003eThese combine to reproduce several loss formulations from the literature:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eStandard InfoNCE\u003c/strong\u003e (default, unchanged behavior):\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(model)\r\n# equivalent to directions=(\u0026quot;query_to_doc\u0026quot;,), partition_mode=\u0026quot;joint\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eSymmetric InfoNCE\u003c/strong\u003e (\u003ca href=\"https://arxiv.org/abs/2310.19923\"\u003eGünther et al. 2024\u003c/a\u003e) — adds the reverse direction so both queries and documents are trained to find their match:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(\r\n    model,\r\n    directions=(\u0026quot;query_to_doc\u0026quot;, \u0026quot;doc_to_query\u0026quot;),\r\n    partition_mode=\u0026quot;per_direction\u0026quot;,\r\n)\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eGTE improved contrastive loss\u003c/strong\u003e (\u003ca href=\"https://arxiv.org/abs/2308.03281\"\u003eLi et al. 2023\u003c/a\u003e) — adds same-type negatives (query \u0026lt;-\u0026gt; query, doc \u0026lt;-\u0026gt; doc) for a stronger training signal, especially useful with pairs-only data:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/ce48ecc77f8c7ed97c8fcc3cd99fde6071206680\"\u003e\u003ccode\u003ece48ecc\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into v5.3-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/cec08f89aabaa11a1675529fb7b11618c8255622\"\u003e\u003ccode\u003ecec08f8\u003c/code\u003e\u003c/a\u003e Fix citation for EmbeddingGemma paper (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/c29b3a69f7eca78d613fc2e465989ee880216c8d\"\u003e\u003ccode\u003ec29b3a6\u003c/code\u003e\u003c/a\u003e Release v5.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/55c13de47ea9475b1416a34af36716cc477bd95f\"\u003e\u003ccode\u003e55c13de\u003c/code\u003e\u003c/a\u003e Prep docs main page for v5.3.0 (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/72e75f7868700a768f6c57fb16e76b18df250f72\"\u003e\u003ccode\u003e72e75f7\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003etests\u003c/code\u003e] Add slow reproduction tests for most common models (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/237e44151758a9b4eb86b1ecd73152884073549a\"\u003e\u003ccode\u003e237e441\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Fix model card generation with set_transform with new column names (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/7f180b4b7146af66e2b043cdaa89bf87babe28bc\"\u003e\u003ccode\u003e7f180b4\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efeat\u003c/code\u003e] Add hardness-weighted contrastive learning to losses (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3667\"\u003e#3667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/58900864d51cde2f918885587709b2466938422c\"\u003e\u003ccode\u003e5890086\u003c/code\u003e\u003c/a\u003e Disallow query_to_query/doc_to_doc with partition_mode=\u0026quot;per_direction\u0026quot; due to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/6518c36671294b2125506f0d382d04102f739c91\"\u003e\u003ccode\u003e6518c36\u003c/code\u003e\u003c/a\u003e CE trainer: Removed IterableDataset from train and eval dataset type hints (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/1e0e84cbfb5483ffe1a5ff7db459c67a61487f3f\"\u003e\u003ccode\u003e1e0e84c\u003c/code\u003e\u003c/a\u003e Add tips for adjusting batch size to improve processing speed (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.2.3...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 5.3.0 to 5.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/transformers/releases\"\u003etransformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease v5.5.0\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eNew Model additions\u003c/h2\u003e\n\u003ch3\u003eGemma4\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/huggingface/transformers/blob/HEAD/INSET_PAPER_LINK\"\u003eGemma 4\u003c/a\u003e is a multimodal model with pretrained and instruction-tuned variants, available in 1B, 13B, and 27B parameters. The architecture is mostly the same as the previous Gemma versions. The key differences are a vision processor that can output images of fixed token budget and a spatial 2D RoPE to encode vision-specific information across height and width axis.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eYou can find all the original Gemma 4 checkpoints under the \u003ca href=\"https://huggingface.co/collections/google/gemma-4-release-67c6c6f89c4f76621268bb6d\"\u003eGemma 4\u003c/a\u003e release.\u003c/p\u003e\n\u003cp\u003eThe key difference from previous Gemma releases is the new design to process \u003cstrong\u003eimages of different sizes\u003c/strong\u003e using a \u003cstrong\u003efixed-budget number of tokens\u003c/strong\u003e. Unlike many models that squash every image into a fixed square (like 224×224), Gemma 4 keeps the image's natural aspect ratio while making it the right size. There a a couple constraints to follow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe total number of pixels must fit within a patch budget\u003c/li\u003e\n\u003cli\u003eBoth height and width must be divisible by \u003cstrong\u003e48\u003c/strong\u003e (= patch size 16 × pooling kernel 3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nGemma 4 does \u003cstrong\u003enot\u003c/strong\u003e apply the standard ImageNet mean/std normalization that many other vision models use. The model's own patch embedding layer handles the final scaling internally (shifting values to the [-1, 1] range).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThe number of \u0026quot;soft tokens\u0026quot; (aka vision tokens) an image processor can produce is configurable. The supported options are outlined below and the default is \u003cstrong\u003e280 soft tokens\u003c/strong\u003e per image.\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth align=\"center\"\u003eSoft Tokens\u003c/th\u003e\n\u003cth align=\"center\"\u003ePatches (before pooling)\u003c/th\u003e\n\u003cth align=\"center\"\u003eApprox. Image Area\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e70\u003c/td\u003e\n\u003ctd align=\"center\"\u003e630\u003c/td\u003e\n\u003ctd align=\"center\"\u003e~161K pixels\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e140\u003c/td\u003e\n\u003ctd align=\"center\"\u003e1,260\u003c/td\u003e\n\u003ctd align=\"center\"\u003e~323K pixels\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e\u003cstrong\u003e280\u003c/strong\u003e\u003c/td\u003e\n\u003ctd align=\"center\"\u003e\u003cstrong\u003e2,520\u003c/strong\u003e\u003c/td\u003e\n\u003ctd align=\"center\"\u003e\u003cstrong\u003e~645K pixels\u003c/strong\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e560\u003c/td\u003e\n\u003ctd align=\"center\"\u003e5,040\u003c/td\u003e\n\u003ctd align=\"center\"\u003e~1.3M pixels\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e1,120\u003c/td\u003e\n\u003ctd align=\"center\"\u003e10,080\u003c/td\u003e\n\u003ctd align=\"center\"\u003e~2.6M pixels\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eTo encode positional information for each patch in the image, Gemma 4 uses a learned 2D position embedding table. The position table stores up to 10,240 positions per axis, which allows the model to handle very large images. Each position is a learned vector of the same dimensions as the patch embedding. The 2D RoPE which Gemma 4 uses independently rotate half the attention head dimensions for the x-axis and the other half for the y-axis. This allows the model to understand spatial relationships like \u0026quot;above,\u0026quot; \u0026quot;below,\u0026quot; \u0026quot;left of,\u0026quot; and \u0026quot;right of.\u0026quot;\u003c/p\u003e\n\u003ch3\u003eNomicBERT\u003c/h3\u003e\n\u003cp\u003eNomicBERT is a BERT-inspired encoder model that applies Rotary Position Embeddings (RoPE) to create reproducible long context text embeddings. It is the first fully reproducible, open-source text embedding model with 8192 context length that outperforms both OpenAI Ada-002 and OpenAI text-embedding-3-small on short-context MTEB and long context LoCo benchmarks. The model generates dense vector embeddings for various tasks including search, clustering, and classification using specific instruction prefixes.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/nomic_bert\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://arxiv.org/abs/2402.01613\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInternalise the NomicBERT model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43067\"\u003e#43067\u003c/a\u003e) by \u003ca href=\"https://github.com/ed22699\"\u003e\u003ccode\u003e@​ed22699\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/43067\"\u003e#43067\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMusicFlamingo\u003c/h3\u003e\n\u003cp\u003eMusic Flamingo is a fully open large audio–language model designed for robust understanding and reasoning over music. It builds upon the Audio Flamingo 3 architecture by including Rotary Time Embeddings (RoTE), which injects temporal position information to enable the model to handle audio sequences up to 20 minutes. The model features a unified audio encoder across speech, sound, and music with special sound boundary tokens for improved audio sequence modeling.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/musicflamingo\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2511.10289\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Music Flamingo (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43538\"\u003e#43538\u003c/a\u003e) by \u003ca href=\"https://github.com/lashahub\"\u003e\u003ccode\u003e@​lashahub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/43538\"\u003e#43538\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/c1c34249fa27deefbd4a377dfbf883a39baf5c6d\"\u003e\u003ccode\u003ec1c3424\u003c/code\u003e\u003c/a\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/20bff6865a756a074f5b893b57f0ae438b25ec46\"\u003e\u003ccode\u003e20bff68\u003c/code\u003e\u003c/a\u003e update release workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/89564412a56ae6581f8aa48a533a835860dc9f43\"\u003e\u003ccode\u003e8956441\u003c/code\u003e\u003c/a\u003e v5.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/5135e5efa7203cd23aac0866de12dfeef038422d\"\u003e\u003ccode\u003e5135e5e\u003c/code\u003e\u003c/a\u003e casually dropping the most capable open weights on the planet (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45192\"\u003e#45192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/a594e09e3924120f1f5508e7d81946bf3504df2b\"\u003e\u003ccode\u003ea594e09\u003c/code\u003e\u003c/a\u003e Internalise the NomicBERT model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43067\"\u003e#43067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/4932e9721e230bea915341e7f04db32885b6c6af\"\u003e\u003ccode\u003e4932e97\u003c/code\u003e\u003c/a\u003e Fix resized LM head weights being overwritten by post_init (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45079\"\u003e#45079\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/57e84139542c8c297873f35fcd25f66ffcf132ae\"\u003e\u003ccode\u003e57e8413\u003c/code\u003e\u003c/a\u003e [Qwen3.5 MoE] Add _tp_plan to ForConditionalGeneration (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45124\"\u003e#45124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/b10552e99dc4974b30126995baea455df43f8476\"\u003e\u003ccode\u003eb10552e\u003c/code\u003e\u003c/a\u003e Fix TypeError: 'NoneType' object is not iterable in GenerationMixin.generate ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/423f2a31d2bd05bdc1dc30dd938389edaa998fde\"\u003e\u003ccode\u003e423f2a3\u003c/code\u003e\u003c/a\u003e fix(models): Fix dtype mismatch in SwitchTransformers and TimmWrapperModel (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/ade7a05a42bf53b183bb78c181743be063c5ff14\"\u003e\u003ccode\u003eade7a05\u003c/code\u003e\u003c/a\u003e Generalize gemma vision mask to videos (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45185\"\u003e#45185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.3.0...v5.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `numpy` from 2.4.3 to 2.4.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.4.4 (Mar 29, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.4 Release Notes\u003c/h1\u003e\n\u003cp\u003eThe NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3\nrelease. It should finally close issue \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30816\"\u003e#30816\u003c/a\u003e, the OpenBLAS threading problem\non ARM.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 8 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eDaniel Haag +\u003c/li\u003e\n\u003cli\u003eDenis Prokopenko +\u003c/li\u003e\n\u003cli\u003eHarshith J +\u003c/li\u003e\n\u003cli\u003eKoki Watanabe\u003c/li\u003e\n\u003cli\u003eMarten van Kerkwijk\u003c/li\u003e\n\u003cli\u003eMatti Picus\u003c/li\u003e\n\u003cli\u003eNathan Goldbaum\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 7 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/30978\"\u003e#30978\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31049\"\u003e#31049\u003c/a\u003e: BUG: Add test to reproduce problem described in \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30816\"\u003e#30816\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30818\"\u003e#30818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31052\"\u003e#31052\u003c/a\u003e: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31035\"\u003e#31035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31053\"\u003e#31053\u003c/a\u003e: BUG: avoid warning on ufunc with where=True and no output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31058\"\u003e#31058\u003c/a\u003e: DOC: document caveats of ndarray.resize on 3.14 and newer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31079\"\u003e#31079\u003c/a\u003e: TST: fix POWER VSX feature mapping (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30801\"\u003e#30801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31084\"\u003e#31084\u003c/a\u003e: MAINT: numpy.i: Replace deprecated \u003ccode\u003esprintf\u003c/code\u003e with \u003ccode\u003esnprintf\u003c/code\u003e...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/be93fe2960dbf49b4647f5783c66d967fb2c65b5\"\u003e\u003ccode\u003ebe93fe2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31090\"\u003e#31090\u003c/a\u003e from charris/prepare-2.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/f5245dc7ea5c6279c59cb0d5de81113229841290\"\u003e\u003ccode\u003ef5245dc\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/02e838ba270a5ca3dd8afc5a31c090cd34a56615\"\u003e\u003ccode\u003e02e838b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31084\"\u003e#31084\u003c/a\u003e from charris/backport-31056\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/fa74b2d05f8f7604bf6635d5280c3216c8ec667f\"\u003e\u003ccode\u003efa74b2d\u003c/code\u003e\u003c/a\u003e MAINT: numpy.i: Replace deprecated \u003ccode\u003esprintf\u003c/code\u003e with \u003ccode\u003esnprintf\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31056\"\u003e#31056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/533a6db96dfa2556a61102a58c35fd64eaf3fa2b\"\u003e\u003ccode\u003e533a6db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31079\"\u003e#31079\u003c/a\u003e from charris/backport-20801\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9e496cbd0a281195bd779ae1833f2a8f4a1d46a7\"\u003e\u003ccode\u003e9e496cb\u003c/code\u003e\u003c/a\u003e TST: fix POWER VSX feature mapping (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30801\"\u003e#30801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8052c4b69ef18e582709af946f93f9e58b848f39\"\u003e\u003ccode\u003e8052c4b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31058\"\u003e#31058\u003c/a\u003e from charris/backport-31021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/7f13b5ad2b69fd6ea6aa3af7036b2dcf98e96486\"\u003e\u003ccode\u003e7f13b5a\u003c/code\u003e\u003c/a\u003e MAINT: Skip test on PyPy.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/4c5fdd66c8f379a1e2b3f40fa62bd0b87769d1c7\"\u003e\u003ccode\u003e4c5fdd6\u003c/code\u003e\u003c/a\u003e MAINT: Remove unused import of tracemalloc.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/a3ca5ed354b26e0fd6e35bf29765a24271ed7c3a\"\u003e\u003ccode\u003ea3ca5ed\u003c/code\u003e\u003c/a\u003e Update numpy/_core/src/multiarray/shape.c\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.3...v2.4.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hdbscan` from 0.8.41 to 0.8.42\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/releases\"\u003ehdbscan's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erelease-0.8.42\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix outlier scores by \u003ca href=\"https://github.com/JelmerBot\"\u003e\u003ccode\u003e@​JelmerBot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/697\"\u003escikit-learn-contrib/hdbscan#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid escape sequences in docstring by \u003ca href=\"https://github.com/timmooren\"\u003e\u003ccode\u003e@​timmooren\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/698\"\u003escikit-learn-contrib/hdbscan#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: Build Windows wheels for CPython 3.10–3.13 (GitHub Actions) by \u003ca href=\"https://github.com/andrijajovanovic98\"\u003e\u003ccode\u003e@​andrijajovanovic98\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/699\"\u003escikit-learn-contrib/hdbscan#699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid escape sequence warning in robust_single_linkage docstring by \u003ca href=\"https://github.com/bentoviml\"\u003e\u003ccode\u003e@​bentoviml\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/703\"\u003escikit-learn-contrib/hdbscan#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse manylinux_2_8 to build wheels on linux by \u003ca href=\"https://github.com/gclendenning\"\u003e\u003ccode\u003e@​gclendenning\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/701\"\u003escikit-learn-contrib/hdbscan#701\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timmooren\"\u003e\u003ccode\u003e@​timmooren\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/698\"\u003escikit-learn-contrib/hdbscan#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andrijajovanovic98\"\u003e\u003ccode\u003e@​andrijajovanovic98\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/699\"\u003escikit-learn-contrib/hdbscan#699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bentoviml\"\u003e\u003ccode\u003e@​bentoviml\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/703\"\u003escikit-learn-contrib/hdbscan#703\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\"\u003ehttps://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/f62160e304b0dd45f58c93de9dc75c5d2c4c2d0b\"\u003e\u003ccode\u003ef62160e\u003c/code\u003e\u003c/a\u003e Update setup.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/1b8973f0c90161164b6d1e86f979551b65be3e68\"\u003e\u003ccode\u003e1b8973f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/701\"\u003e#701\u003c/a\u003e from gclendenning/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/8b0f0684ad1640065259bdd2de02f7e19193c5c4\"\u003e\u003ccode\u003e8b0f068\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/703\"\u003e#703\u003c/a\u003e from bentoviml/fix-docstring-escape-warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/536440435510ba6fd7a0262bba1e2b0468cc7c32\"\u003e\u003ccode\u003e5364404\u003c/code\u003e\u003c/a\u003e Fix invalid escape sequence warning in robust_single_linkage docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/a651934d04230f83999bb4d14e532759879e03e9\"\u003e\u003ccode\u003ea651934\u003c/code\u003e\u003c/a\u003e Use manylinux_2_8 to build wheels on linux\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/92ab72f08e64537c1d2706418286a59a8560a6d7\"\u003e\u003ccode\u003e92ab72f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/699\"\u003e#699\u003c/a\u003e from andrijajovanovic98/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/74adc5ab88ac3789125692d3ecaa435cb15f97f1\"\u003e\u003ccode\u003e74adc5a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/698\"\u003e#698\u003c/a\u003e from timmooren/fix-docstring-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/6f72f71730e436c2d6b9499737d08b6b2a587d2f\"\u003e\u003ccode\u003e6f72f71\u003c/code\u003e\u003c/a\u003e Fix invalid escape sequences in docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/d2134e5ab313754d1b55f1b5eae84f5433f3719c\"\u003e\u003ccode\u003ed2134e5\u003c/code\u003e\u003c/a\u003e python 310\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/8c8d03273a5684a7c7183d7e0b6e45021f0beaeb\"\u003e\u003ccode\u003e8c8d032\u003c/code\u003e\u003c/a\u003e p313\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `alembic` from 1.14.0 to 1.18.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.4\u003c/h1\u003e\n\u003cp\u003eReleased: February 10, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [operations]\u003c/strong\u003e Reverted the behavior of \u003ccode\u003eOperations.add_column()\u003c/code\u003e that would\nautomatically render the \u0026quot;PRIMARY KEY\u0026quot; keyword inline when a\n\u003ccode\u003eColumn\u003c/code\u003e with \u003ccode\u003eprimary_key=True\u003c/code\u003e is added. The automatic\nbehavior, added in version 1.18.2, is now opt-in via the new\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter. This\nchange restores the ability to render a PostgreSQL SERIAL column, which is\nrequired to be \u003ccode\u003eprimary_key=True\u003c/code\u003e, while not impacting the ability to\nrender a separate primary key constraint. This also provides consistency\nwith the \u003ccode\u003eOperations.add_column.inline_references\u003c/code\u003e parameter and\ngives users explicit control over SQL generation.\u003c/p\u003e\n\u003cp\u003eTo render PRIMARY KEY inline, use the\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter set to\n\u003ccode\u003eTrue\u003c/code\u003e:\u003c/p\u003e\n\u003cp\u003eop.add_column(\n\u0026quot;my_table\u0026quot;,\nColumn(\u0026quot;id\u0026quot;, Integer, primary_key=True),\ninline_primary_key=True\n)References: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1232\"\u003e#1232\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.18.3\u003c/h1\u003e\n\u003cp\u003eReleased: January 29, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [autogenerate]\u003c/strong\u003e Fixed regression in version 1.18.0 due to \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e where autogenerate\nwould raise \u003ccode\u003eNoReferencedTableError\u003c/code\u003e when a foreign key constraint\nreferenced a table that was not part of the initial table load, including\ntables filtered out by the\n\u003ccode\u003eEnvironmentContext.configure.include_name\u003c/code\u003e callable or tables\nin remote schemas that were not included in the initial reflection run.\u003c/p\u003e\n\u003cp\u003eThe change in \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e was a performance optimization that eliminated\nadditional reflection queries for tables that were only referenced by\nforeign keys but not explicitly included in the main reflection run.\nHowever, this optimization inadvertently removed the creation of\n\u003ccode\u003eTable\u003c/code\u003e objects for these referenced tables, causing autogenerate\nto fail when processing foreign key constraints that pointed to them.\u003c/p\u003e\n\u003cp\u003eThe fix creates placeholder \u003ccode\u003eTable\u003c/code\u003e objects for foreign key targets\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3084\"\u003e#3084\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3152\"\u003e#3152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3136\"\u003e#3136\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3199\"\u003e#3199\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3202\"\u003e#3202\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3209\"\u003e#3209\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3212\"\u003e#3212\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2991\"\u003e#2991\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2993\"\u003e#2993\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3110\"\u003e#3110\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3140\"\u003e#3140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3121\"\u003e#3121\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3201\"\u003e#3201\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3213\"\u003e#3213\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n:issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e2991\u003c/code\u003e :issue:\u003ccode\u003e2993\u003c/code\u003e :issue:\u003ccode\u003e3110\u003c/code\u003e :pr:\u003ccode\u003e3139\u003c/code\u003e :pr:\u003ccode\u003e3140\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. :pr:\u003ccode\u003e3139\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. :issue:\u003ccode\u003e3121\u003c/code\u003e :pr:\u003ccode\u003e3201\u003c/code\u003e :pr:\u003ccode\u003e3213\u003c/code\u003e :pr:\u003ccode\u003e3225\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/052c006033729bbb422cbdad0c4fee988ecb5aa5\"\u003e\u003ccode\u003e052c006\u003c/code\u003e\u003c/a\u003e Change update release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/502b7ce7b131473ef00a3586e60bb000f33b4c43\"\u003e\u003ccode\u003e502b7ce\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' of \u003ca href=\"https://github.com/pallets/click\"\u003ehttps://github.com/pallets/click\u003c/a\u003e into release-8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a0a37e411820861d48e21b131fdd840abaf746e0\"\u003e\u003ccode\u003ea0a37e4\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3301\"\u003e#3301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/57be6fc2b40eb40279d022e6aabc983ee0dfb7a9\"\u003e\u003ccode\u003e57be6fc\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/781d6a88bdd30229e72a84cd6753b0235f339679\"\u003e\u003ccode\u003e781d6a8\u003c/code\u003e\u003c/a\u003e Update publish workflows (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ff795b66ba945239c779b528171f5fe4536cf844\"\u003e\u003ccode\u003eff795b6\u003c/code\u003e\u003c/a\u003e Update precommit pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dd87ef4f9fa7d6f13e14885e9a6842a21ededebc\"\u003e\u003ccode\u003edd87ef4\u003c/code\u003e\u003c/a\u003e Update github action pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/93d3f9d22e90035bc2b51c2183c15bd4a021376f\"\u003e\u003ccode\u003e93d3f9d\u003c/code\u003e\u003c/a\u003e Release version 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3299ba1a8a5de34b24a7226a683a837d8a0857e7\"\u003e\u003ccode\u003e3299ba1\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b7f62c4d002e5b5bca3ebef6b995b7338740fe6f\"\u003e\u003ccode\u003eb7f62c4\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `email-validator` from 2.2.0 to 2.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/releases\"\u003eemail-validator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md\"\u003eemail-validator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.0 (August 26, 2025)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/030a63a183a6a66450e98381ca9a23ab9769706a\"\u003e\u003ccode\u003e030a63a\u003c/code\u003e\u003c/a\u003e Version 2.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/e943a0f07f5c130b4a419e0cd79f705f36bf24fe\"\u003e\u003ccode\u003ee943a0f\u003c/code\u003e\u003c/a\u003e Raise TypeError when an invalid argument is passed for email, closes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/155\"\u003e#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/f90d256045dc1ccbcffd5514189267d14a9e3ea1\"\u003e\u003ccode\u003ef90d256\u003c/code\u003e\u003c/a\u003e Remove local part length check unless new strict flag is given, fixes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/158\"\u003e#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/98800bac023b8713351393a5043034065f1ea6cb\"\u003e\u003ccode\u003e98800ba\u003c/code\u003e\u003c/a\u003e Add explicit checks for internationalized domain name characters invalid unde...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/936aead3bf5c608f8561954e0d2955b7f97bfdad\"\u003e\u003ccode\u003e936aead\u003c/code\u003e\u003c/a\u003e Fix final syntax checks on normalized internationalized domains checking the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/8043de49596f08d54a07e2bc7c442ced074216a6\"\u003e\u003ccode\u003e8043de4\u003c/code\u003e\u003c/a\u003e NFC-normalize display names per UTS \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/39\"\u003e#39\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/bc08faa2a74b51a9e7ba7ff4f995c0b475cb5b12\"\u003e\u003ccode\u003ebc08faa\u003c/code\u003e\u003c/a\u003e Add one-off error messages for full-width-at and small-commercial-at which ar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/a1c90ab58fb0f5d969a8351a68ca15bff068527c\"\u003e\u003ccode\u003ea1c90ab\u003c/code\u003e\u003c/a\u003e Split exceptions_types.py into exceptions.py and types.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/dbcf07cc5c8066c14b6dc58d2dbb4a1e582eeefd\"\u003e\u003ccode\u003edbcf07c\u003c/code\u003e\u003c/a\u003e Change package name from using underscore to dash to match PyPi normalized pa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/7c22208ee5b82c377e960ddcea5293691eadc6cc\"\u003e\u003ccode\u003e7c22208\u003c/code\u003e\u003c/a\u003e Support ALLOW_DISPLAY_NAME and ALLOW_EMPTY_LOCAL in the CLI (\u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/JoshData/python-email-validator/compare/v2.2.0...v2.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.115.0 to 0.135.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15280\"\u003e#15280\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eNew docs: \u003ca href=\"https://fastapi.tiangolo.com/advanced/vibe/\"\u003eVibe Coding\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✏️ Fix typo for \u003ccode\u003eclient_secret\u003c/code\u003e in OAuth2 form docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14946\"\u003e#14946\u003c/a\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👥 Update FastAPI People - Experts. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15279\"\u003e#15279\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump orjson from 3.11.7 to 3.11.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15276\"\u003e#15276\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.0 to 0.15.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15277\"\u003e#15277\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI GitHub topic repositories. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15274\"\u003e#15274\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15267\"\u003e#15267\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI People - Contributors and Translators. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15270\"\u003e#15270\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump requests from 2.32.5 to 2.33.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15228\"\u003e#15228\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Add ty check to \u003ccode\u003elint.sh\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15136\"\u003e#15136\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.2\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Increase lower bound to \u003ccode\u003epydantic \u0026gt;=2.9.0.\u003c/code\u003e and fix the test suite. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15139\"\u003e#15139\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add missing last release notes dates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15202\"\u003e#15202\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs for contributors and team members regarding translation PRs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15200\"\u003e#15200\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15094\"\u003e#15094\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix duplicated words in docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15116\"\u003e#15116\u003c/a\u003e by \u003ca href=\"https://github.com/AhsanSheraz\"\u003e\u003ccode\u003e@​AhsanSheraz\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs for \u003ccode\u003epyproject.toml\u003c/code\u003e with \u003ccode\u003eentrypoint\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15075\"\u003e#15075\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update links in docs to no longer use the classes external-link and internal-link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15061\"\u003e#15061\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add JS and CSS handling for automatic \u003ccode\u003etarget=_blank\u003c/code\u003e for links in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15063\"\u003e#15063\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Update styles for internal and external links in new tab. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15058\"\u003e#15058\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝  Add documentation for the FastAPI VS Code extension. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15008\"\u003e#15008\u003c/a\u003e by \u003ca href=\"https://github.com/savannahostrowski\"\u003e\u003ccode\u003e@​savannahostrowski\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix doctrings for \u003ccode\u003emax_digits\u003c/code\u003e and \u003ccode\u003edecimal_places\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14944\"\u003e#14944\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15001\"\u003e#15001\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15177\"\u003e#15177\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15178\"\u003e#15178\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15176\"\u003e#15176\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15175\"\u003e#15175\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15171\"\u003e#15171\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15170\"\u003e#15170\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15172\"\u003e#15172\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15168\"\u003e#15168\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/1f442c454f2f74c7419f83c203e6333955399528\"\u003e\u003ccode\u003e1f442c4\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.135.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/8f5d1577b471f389f6cdea878d40a1497fda7746\"\u003e\u003ccode\u003e8f5d157\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428452a710338334ae11043a48b06d52d9b3edba\"\u003e\u003ccode\u003e428452a\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/70580da818722cce68b7a88928d67bd0f64f42c5\"\u003e\u003ccode\u003e70580da\u003c/code\u003e\u003c/a\u003e ✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15280\"\u003e#15280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6ee87478d821171139264cd9cd17cbd2232934ce\"\u003e\u003ccode\u003e6ee8747\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3e72c09a2abfe9e1b55eede6a297cb1847126e49\"\u003e\u003ccode\u003e3e72c09\u003c/code\u003e\u003c/a\u003e 👥 Update FastAPI People - Experts (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15279\"\u003e#15279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/96df35f7a4337d612811483d8ade74f91cce2d61\"\u003e\u003ccode\u003e96df35f\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6c8112555bd86f21cfee8500140dca094ad26e20\"\u003e\u003ccode\u003e6c81125\u003c/code\u003e\u003c/a\u003e ⬆ Bump orjson from 3.11.7 to 3.11.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15276\"\u003e#15276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428f82c93616b52aee2fcee03484a855135c07e5\"\u003e\u003ccode\u003e428f82c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/5599c59b9e7112109f04b63a58034fb95833f514\"\u003e\u003ccode\u003e5599c59\u003c/code\u003e\u003c/a\u003e ⬆ Bump ruff from 0.15.0 to 0.15.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15277\"\u003e#15277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.115.0...0.135.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psycopg2-binary` from 2.9.10 to 2.9.11\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psycopg/psycopg2/blob/master/NEWS\"\u003epsycopg2-binary's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCurrent release\u003c/h2\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.11\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAvoid a segfault passing more arguments than placeholders if Python is built\nwith assertions enabled (:ticket:\u003ccode\u003e[#1791](https://github.com/psycopg/psycopg2/issues/1791)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd riscv64 platform binary packages (:ticket:\u003ccode\u003e[#1813](https://github.com/psycopg/psycopg2/issues/1813)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 18.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.10\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13.\u003c/li\u003e\n\u003cli\u003eReceive notifications on commit (:ticket:\u003ccode\u003e[#1728](https://github.com/psycopg/psycopg2/issues/1728)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 17.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.9\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.6.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.8\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWheel package bundled with PostgreSQL 16 libpq in order to add support for\nrecent features, such as \u003ccode\u003esslcertmode\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.7\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix propagation of exceptions raised during module initialization\n(:ticket:\u003ccode\u003e[#1598](https://github.com/psycopg/psycopg2/issues/1598)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix building when pg_config returns an empty string (:ticket:\u003ccode\u003e[#1599](https://github.com/psycopg/psycopg2/issues/1599)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eWheel package bundled with OpenSSL 1.1.1v.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.6\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/fd9ae8cad2bcfc3e7e9410e7b6f07cda8f4f05ec\"\u003e\u003ccode\u003efd9ae8c\u003c/code\u003e\u003c/a\u003e chore: bump to version 2.9.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d923840546942534f0956d9202f914fd9feac5fd\"\u003e\u003ccode\u003ed923840\u003c/code\u003e\u003c/a\u003e chore: update docs requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d42dc7169d3cd93517e282e9ef5dc2a2b40650a2\"\u003e\u003ccode\u003ed42dc71\u003c/code\u003e\u003c/a\u003e Merge branch 'fix-1791'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4fde6560c32f06ad1304404c9f7f86148dcc4be0\"\u003e\u003ccode\u003e4fde656\u003c/code\u003e\u003c/a\u003e fix: avoid failed assert passing more arguments than placeholders\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/8308c19d6af0d904b313997539ed33415990a74e\"\u003e\u003ccode\u003e8308c19\u003c/code\u003e\u003c/a\u003e fix: drop warning about the use of deprecated PyWeakref_GetObject function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1a1eabf098a3374409bb2ab4b594777b900f396d\"\u003e\u003ccode\u003e1a1eabf\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 7 to 8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/897af8b38beda851d7257dfc525129e37c0ec9e0\"\u003e\u003ccode\u003e897af8b\u003c/code\u003e\u003c/a\u003e build(deps): bump peter-evans/repository-dispatch from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/ceefd305117113ca10e383a626e87ba0796f3638\"\u003e\u003ccode\u003eceefd30\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 4 to 5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4dc585430cabe94cee96c5a9de0265d0f55370f1\"\u003e\u003ccode\u003e4dc5854\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/setup-python from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1945788dcf6172bb1b9328ebc3587ccf0e6a659c\"\u003e\u003ccode\u003e1945788\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg2/issues/1802\"\u003e#1802\u003c/a\u003e from edgarrmondragon/cp314-wheels\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psycopg/psycopg2/compare/2.9.10...2.9.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.2 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/smario-7/zebrapoint/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smario-7%2Fzebrapoint/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"},{"uuid":"4202024632","node_id":"PR_kwDORuoLRM7P3V10","number":5,"state":"closed","title":"Bump ecdsa from 0.19.1 to 0.19.2","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-03T20:49:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T20:06:44.000Z","updated_at":"2026-04-03T20:49:58.000Z","time_to_close":2584,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"}],"path":null,"ecosystem":"pip"},"body":"Bumps [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) from 0.19.1 to 0.19.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ecdsa\u0026package-manager=pip\u0026previous-version=0.19.1\u0026new-version=0.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ekimtech/personal-neuro-layer/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ekimtech/personal-neuro-layer/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ekimtech%2Fpersonal-neuro-layer/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4196072386","node_id":"PR_kwDOKbhx4c7PoOcn","number":2920,"state":"closed","title":"build(deps): bump the pip group across 5 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-02T18:15:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-02T17:49:22.000Z","updated_at":"2026-04-02T18:15:10.000Z","time_to_close":1546,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pip","update_count":8,"packages":[{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"cbor2","old_version":"5.7.0","new_version":"5.9.0","repository_url":"https://github.com/agronholm/cbor2"},{"name":"filelock","old_version":"3.19.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 5 updates in the /oid4vc directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |\n| [cbor2](https://github.com/agronholm/cbor2) | `5.7.0` | `5.9.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.19.1` | `3.20.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n\nBumps the pip group with 2 updates in the /oid4vc/auth_server directory: [orjson](https://github.com/ijl/orjson) and [authlib](https://github.com/authlib/authlib).\nBumps the pip group with 1 update in the /oid4vc/integration directory: [black](https://github.com/psf/black).\nBumps the pip group with 1 update in the /status_list directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /status_list/integration directory: [black](https://github.com/psf/black).\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cbor2` from 5.7.0 to 5.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/cbor2/releases\"\u003ecbor2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003emax_depth\u003c/code\u003e decoder parameter to limit the maximum allowed nesting level of containers, with a default value of 400 levels (CVE-2026-26209)\u003c/li\u003e\n\u003cli\u003eChanged the default \u003ccode\u003eread_size\u003c/code\u003e from 4096 to 1 for backwards compatibility. The buffered reads introduced in 5.8.0 could cause issues when code needs to access the stream position after decoding. Users can opt-in to faster decoding by passing \u003ccode\u003eread_size=4096\u003c/code\u003e when they don't need to access the stream directly after decoding. Added a direct read path for \u003ccode\u003eread_size=1\u003c/code\u003e to avoid buffer management overhead. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/275\"\u003e#275\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed C encoder not respecting string referencing when encoding string-type datetimes (tag 0) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a missed check for an exception in the C implementation of \u003ccode\u003eCBOREncoder.encode_shared()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed two reference/memory leaks in the C extension's long string decoder (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/290\"\u003e#290\u003c/a\u003e PR by \u003ca href=\"https://github.com/killiancowan82\"\u003e\u003ccode\u003e@​killiancowan82\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed C decoder ignoring the \u003ccode\u003estr_errors\u003c/code\u003e setting when decoding strings, and improved string decoding performance by using stack allocation for small strings and eliminating unnecessary conditionals. Benchmarks show 9-17% faster deserialization. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/255\"\u003e#255\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/267\"\u003e#267\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReset shared reference state at the start of each top-level encode/decode operation (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/266\"\u003e#266\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved performance on decoding large definite bytestrings (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003e#240\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003eagronholm/cbor2#240\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/dwpaley\"\u003e\u003ccode\u003e@​dwpaley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a read(-1) vulnerability caused by boundary handling error (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003e#264\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003eagronholm/cbor2#264\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/tylzh97\"\u003e\u003ccode\u003e@​tylzh97\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/93c598838d50b554e242920902aada82d32d55bc\"\u003e\u003ccode\u003e93c5988\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/d903d62c86de118e8abe626596f9be7b98ac44e9\"\u003e\u003ccode\u003ed903d62\u003c/code\u003e\u003c/a\u003e Updated the max_depth default value in the C function signature\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/2b53b2813d44a7919dae18747b5ac36cf9c5fb87\"\u003e\u003ccode\u003e2b53b28\u003c/code\u003e\u003c/a\u003e Stack allocate small strings (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/a7ac10d5cbb7a8622e8270c201a131ac2abc26c7\"\u003e\u003ccode\u003ea7ac10d\u003c/code\u003e\u003c/a\u003e Upped the max_depth value to 400\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/54c8ed541c5f4842508cace5ff4b2aae54bc731b\"\u003e\u003ccode\u003e54c8ed5\u003c/code\u003e\u003c/a\u003e Fixed reference/memory leaks in decode_definite_long_string (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/a8d92dc3dc00233c796c4abccb5daa31089bf3c0\"\u003e\u003ccode\u003ea8d92dc\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c91aa007117828560329a1624eabc5dad5435ebc\"\u003e\u003ccode\u003ec91aa00\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/53521e7ca96c7a19f8a529fe59ef566212a24b3f\"\u003e\u003ccode\u003e53521e7\u003c/code\u003e\u003c/a\u003e Fixed ssize_t to Py_ssize_t\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/94e0d2125fbfb183606afa9ef07754a8dba50748\"\u003e\u003ccode\u003e94e0d21\u003c/code\u003e\u003c/a\u003e Added missing Python counterpart for max_depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/bcb6cea4edde1d00ff4f0eece883dea951f66e1b\"\u003e\u003ccode\u003ebcb6cea\u003c/code\u003e\u003c/a\u003e Added the max_depth decoder parameter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/cbor2/compare/5.7.0...5.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.19.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.2 (2026-03-11)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:\u003ccode\u003e513\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.1 (2026-03-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e510\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release :pr:\u003ccode\u003e511\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e508\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo :pr:\u003ccode\u003e507\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e499\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.19.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compress...\n\n_Description has been truncated_","html_url":"https://github.com/openwallet-foundation/acapy-plugins/pull/2920","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/openwallet-foundation%2Facapy-plugins/issues/2920","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2920/packages"},{"uuid":"4190247269","node_id":"PR_kwDONUO8uM7PZVgD","number":113,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 14 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-01T22:23:37.000Z","updated_at":"2026-04-01T22:24:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":14,"packages":[{"name":"nltk","old_version":"3.9.1","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.9","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.2","repository_url":"https://github.com/qlustered/deepdiff"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"marshmallow","old_version":"3.22.0","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"virtualenv","old_version":"20.26.6","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.9` |\n| [deepdiff](https://github.com/qlustered/deepdiff) | `8.0.1` | `8.6.2` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.22.0` | `3.26.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5.5` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.6` | `20.36.1` |\n\n\nUpdates `nltk` from 3.9.1 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5be3c518794b7322375bae2bf1871713d9b5c2fb\"\u003e\u003ccode\u003e5be3c51\u003c/code\u003e\u003c/a\u003e fix(jose): add ES256K into default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/48b345f29f6c459f11c6a40162b6c0b742ef2e22\"\u003e\u003ccode\u003e48b345f\u003c/code\u003e\u003c/a\u003e fix(jose): remove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681\"\u003e\u003ccode\u003ea5d4b2d\u003c/code\u003e\u003c/a\u003e fix(jose): do not use header's jwk automatically\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a769f343ae8d43236448e3e74445980861812e82\"\u003e\u003ccode\u003ea769f34\u003c/code\u003e\u003c/a\u003e chore: release 1.6.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/84f3fa2965a189c16528329e8cfe41d094008588\"\u003e\u003ccode\u003e84f3fa2\u003c/code\u003e\u003c/a\u003e fix: add EdDSA to default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e\"\u003e\u003ccode\u003e38e872a\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7\"\u003e\u003ccode\u003eb87c32e\u003c/code\u003e\u003c/a\u003e fix: remove \u0026quot;none\u0026quot; algorithm from default jwt instance\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qlustered/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e8.6.2 - Fix (CVE-2025-58367)\u003c/p\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/0d07ec21d12b46ef4e489383b363eadc22d990fb\"\u003e\u003ccode\u003e0d07ec2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/791f5aac51b2da7f90375ab204256ef6a6b40206\"\u003e\u003ccode\u003e791f5aa\u003c/code\u003e\u003c/a\u003e updating CVE number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a6aafea3ba5498aab6f9c77047c54949e7e968ae\"\u003e\u003ccode\u003ea6aafea\u003c/code\u003e\u003c/a\u003e updating docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a0950abbe6263298bc4bdbc3ebb57edc1af079b4\"\u003e\u003ccode\u003ea0950ab\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.1 → 8.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/887128abe5e510341cc4a82f6914a82d5ff1b6a7\"\u003e\u003ccode\u003e887128a\u003c/code\u003e\u003c/a\u003e Fix (CVE-2025-58367)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qlustered/deepdiff/compare/8.0.1...8.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.0 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eecdsa 0.19.1\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implicit\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/li\u003e\n\u003cli\u003eOfficially support Python 3.12 and 3.13 (add them to CI)\u003c/li\u003e\n\u003cli\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/li\u003e\n\u003cli\u003eFix typos in warning messages\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/2a6593d840ad153a16ebdd4f9b772b290494f3e3\"\u003e\u003ccode\u003e2a6593d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/359\"\u003e#359\u003c/a\u003e from tlsfuzzer/release-0.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/658ddc81bbd20e0197a59c9c0fa7dcc5b17d7d06\"\u003e\u003ccode\u003e658ddc8\u003c/code\u003e\u003c/a\u003e add release notes for 0.19.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/3c5df06ae85ea0b35557fe5f8874eec4f2b39db0\"\u003e\u003ccode\u003e3c5df06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/358\"\u003e#358\u003c/a\u003e from tlsfuzzer/high-s-values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/b6d43c60e309bccd681eb1baab502f817ff226b6\"\u003e\u003ccode\u003eb6d43c6\u003c/code\u003e\u003c/a\u003e use integer division for canonicalization of signatures\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/aa81ba3b7339f30362098580c754576bc15edba1\"\u003e\u003ccode\u003eaa81ba3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/357\"\u003e#357\u003c/a\u003e from tlsfuzzer/new-badge\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.0...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.2 (2026-03-11)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:\u003ccode\u003e513\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.1 (2026-03-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e510\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release :pr:\u003ccode\u003e511\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e508\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo :pr:\u003ccode\u003e507\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e499\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `marshmallow` from 3.22.0 to 3.26.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst\"\u003emarshmallow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.26.2 (2025-12-19)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:cve:\u003ccode\u003e2025-68480\u003c/code\u003e: Merge error store messages without rebuilding collections.\nThanks 카푸치노 for reporting and :user:\u003ccode\u003edeckar01\u003c/code\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.1 (2025-02-03)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Fix type annotations for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:issue:\u003ccode\u003e2804\u003c/code\u003e).\nThanks :user:\u003ccode\u003elawrence-law\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOther changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove default value for the \u003ccode\u003edata\u003c/code\u003e param of \u003ccode\u003eNested._deserialize \u0026lt;marshmallow.fields.Nested._deserialize\u0026gt;\u003c/code\u003e (:issue:\u003ccode\u003e2802\u003c/code\u003e).\nThanks :user:\u003ccode\u003egbenson\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.0 (2025-01-22)\u003c/h2\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Add type annotations and improved documentation for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:pr:\u003ccode\u003e2760\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: Improve type coverage of \u003ccode\u003emarshmallow.Schema.SchemaMeta\u003c/code\u003e (:pr:\u003ccode\u003e2761\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: \u003ccode\u003emarshmallow.Schema.loads\u003c/code\u003e parameter allows \u003ccode\u003ebytes\u003c/code\u003e and \u003ccode\u003ebytesarray\u003c/code\u003e (:pr:\u003ccode\u003e2769\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRespect \u003ccode\u003edata_key\u003c/code\u003e when schema validators raise a \u003ccode\u003eValidationError \u0026lt;marshmallow.exceptions.ValidationError\u0026gt;\u003c/code\u003e\nwith a \u003ccode\u003efield_name\u003c/code\u003e argument (:issue:\u003ccode\u003e2170\u003c/code\u003e). Thanks :user:\u003ccode\u003ematejsp\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003eCorrectly handle multiple \u003ccode\u003e@post_load \u0026lt;marshmallow.post_load\u0026gt;\u003c/code\u003e methods where one method appends to\nthe data and another passes \u003ccode\u003epass_original=True\u003c/code\u003e (:issue:\u003ccode\u003e1755\u003c/code\u003e).\nThanks :user:\u003ccode\u003eghostwheel42\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eURL\u003c/code\u003e fields now properly validate \u003ccode\u003efile\u003c/code\u003e paths (:issue:\u003ccode\u003e2249\u003c/code\u003e).\nThanks :user:\u003ccode\u003e0xDEC0DE\u003c/code\u003e for reporting and fixing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd :doc:\u003ccode\u003eupgrading guides \u0026lt;upgrading\u0026gt;\u003c/code\u003e for 3.24 and 3.26 (:pr:\u003ccode\u003e2780\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eVarious documentation improvements (:pr:\u003ccode\u003e2757\u003c/code\u003e, :pr:\u003ccode\u003e2759\u003c/code\u003e, :pr:\u003ccode\u003e2765\u003c/code\u003e, :pr:\u003ccode\u003e2774\u003c/code\u003e, :pr:\u003ccode\u003e2778\u003c/code\u003e, :pr:\u003ccode\u003e2783\u003c/code\u003e, :pr:\u003ccode\u003e2796\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eordered\u003c/code\u003e \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e option is deprecated (:issue:\u003ccode\u003e2146\u003c/code\u003e, :pr:\u003ccode\u003e2762\u003c/code\u003e).\nField order is already preserved by default. Set \u003ccode\u003emarshmallow.Schema.dict_class\u003c/code\u003e to \u003ccode\u003ecollections.OrderedDict\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/1407d5102ae020421ddc8425474e976325a9539e\"\u003e\u003ccode\u003e1407d51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2878\"\u003e#2878\u003c/a\u003e from marshmallow-code/3.x-mypy-unreachable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b2292f513845ccbd134bd55501a9bcbcdd18f8ac\"\u003e\u003ccode\u003eb2292f5\u003c/code\u003e\u003c/a\u003e Fix mypy errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/8acd211847244fa28e0174728ff310fddf0d7fa2\"\u003e\u003ccode\u003e8acd211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2877\"\u003e#2877\u003c/a\u003e from marshmallow-code/3.x-delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b4bcb4a96f16a3b94c1b52ac82a66b57bbee1d88\"\u003e\u003ccode\u003eb4bcb4a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b78af7a0ea3102f8c2379bebe115a015e4018a62\"\u003e\u003ccode\u003eb78af7a\u003c/code\u003e\u003c/a\u003e Delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/2c4451e5129411da79161add51cfc76fe852549d\"\u003e\u003ccode\u003e2c4451e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/86d101a1aee2fe0a521c976015d1940437493cde\"\u003e\u003ccode\u003e86d101a\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af\"\u003e\u003ccode\u003e489a8d4\u003c/code\u003e\u003c/a\u003e Only deep copy error message collections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41\"\u003e\u003ccode\u003e6d4a17d\u003c/code\u003e\u003c/a\u003e Add test coverage for error message modification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9\"\u003e\u003ccode\u003e0356a3f\u003c/code\u003e\u003c/a\u003e Merge error store messages without rebuilding collections\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/marshmallow-code/marshmallow/compare/3.22.0...3.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.12 to 0.0.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 by \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003eKludex/python-multipart#216\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/waketzheng\"\u003e\u003ccode\u003e@​waketzheng\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/203\"\u003eKludex/python-multipart#203\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.20...0.0.21\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.20...0.0.21\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.20\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary, fixes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/38\"\u003e#38\u003c/a\u003e by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003eKludex/python-multipart#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Mr-Sunglasses\"\u003e\u003ccode\u003e@​Mr-Sunglasses\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/185\"\u003eKludex/python-multipart#185\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.19...0.0.20\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.19...0.0.20\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.19\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003eKludex/python-multipart#193\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.18...0.0.19\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.18...0.0.19\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.18\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003eKludex/python-multipart#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.17...0.0.18\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.17...0.0.18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle PermissionError in fallback code for old import name by \u003ca href=\"https://github.com/defnull\"\u003e\u003ccode\u003e@​defnull\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/182\"\u003eKludex/python-multipart#182\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.22 (2026-01-25)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.21 (2025-12-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003e#216\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.20 (2024-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003e#142\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.19 (2024-11-30)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.18 (2024-11-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003e#189\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.17 (2024-10-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle PermissionError in fallback code for old import name \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/182\"\u003e#182\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.16 (2024-10-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd dunder attributes to \u003ccode\u003emultipart\u003c/code\u003e package \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/177\"\u003e#177\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.15 (2024-10-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eFutureWarning\u003c/code\u003e to \u003ccode\u003ePendingDeprecationWarning\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/174\"\u003e#174\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd missing files to SDist \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/171\"\u003e#171\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.14 (2024-10-24)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix import scheme for \u003ccode\u003emultipart\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/168\"\u003e#168\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.13 (2024-10-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRename import to \u003ccode\u003epython_multipart\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/166\"\u003e#166\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/bea7bbb2904da8ce39123a845088dc72464eaddf\"\u003e\u003ccode\u003ebea7bbb\u003c/code\u003e\u003c/a\u003e Version 0.0.22 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0fb59a9df0f273bfde99740b302ccb2ae45e2b8a\"\u003e\u003ccode\u003e0fb59a9\u003c/code\u003e\u003c/a\u003e chore: add return type on test (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e\u003ccode\u003e9433f4b\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d5c91ecb0aa1cae03fe2d9811d193c952e714f17\"\u003e\u003ccode\u003ed5c91ec\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/219\"\u003e#219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/5a90631b484f8d3284b691d453c24be3db57f5cb\"\u003e\u003ccode\u003e5a90631\u003c/code\u003e\u003c/a\u003e bump uv (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/218\"\u003e#218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/1f72955602445706b5517a6f58a720796ad3d96a\"\u003e\u003ccode\u003e1f72955\u003c/code\u003e\u003c/a\u003e Version 0.0.21 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/217\"\u003e#217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/47ecfed3533ed8dcafd800508dbf594438fd0949\"\u003e\u003ccode\u003e47ecfed\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 and drop EOL 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/f18b70941b727c947f7e6b17e1c3321f5ad3afb6\"\u003e\u003ccode\u003ef18b709\u003c/code\u003e\u003c/a\u003e Bump the github-actions group across 1 directory with 4 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/214\"\u003e#214\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b388e9a7a82605cc8613798926afe8f6074cb372\"\u003e\u003ccode\u003eb388e9a\u003c/code\u003e\u003c/a\u003e chore: use depedency-groups in \u003ccode\u003epyproject.toml\u003c/code\u003e (\u003ca hr...\n\n_Description has been truncated_","html_url":"https://github.com/patrik-fredon/langflow/pull/113","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/113","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/113/packages"},{"uuid":"4183262804","node_id":"PR_kwDOQp2jac7PG05r","number":8,"state":"closed","title":"Bump the uv group across 10 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-01T00:52:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-01T00:50:08.000Z","updated_at":"2026-04-01T00:52:14.000Z","time_to_close":125,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":16,"packages":[{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"mlflow","old_version":"2.22.0","new_version":"3.9.0rc0","repository_url":"https://github.com/mlflow/mlflow"},{"name":"flask","old_version":"2.1.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyasn1","old_version":"0.5.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"tornado","old_version":"6.5.2","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"werkzeug","old_version":"2.3.8","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"black","old_version":"22.10.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"44.0.3","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.18.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"memray","old_version":"1.19.1","new_version":"1.19.2","repository_url":"https://github.com/bloomberg/memray"},{"name":"onnx","old_version":"1.15.0","new_version":"1.21.0rc1","repository_url":"https://github.com/onnx/onnx"},{"name":"orjson","old_version":"3.9.15","new_version":"3.11.6","repository_url":"https://github.com/ijl/orjson"},{"name":"pyopenssl","old_version":"25.0.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /ci/raydepsets/tests/test_data directory: [requests](https://github.com/psf/requests).\nBumps the uv group with 1 update in the /doc directory: [requests](https://github.com/psf/requests).\nBumps the uv group with 1 update in the /doc/source/ray-overview/examples/e2e-xgboost directory: [mlflow](https://github.com/mlflow/mlflow).\nBumps the uv group with 2 updates in the /doc/source/ray-overview/examples/multi_agent_a2a/content directory: [langgraph](https://github.com/langchain-ai/langgraph) and [mcp](https://github.com/modelcontextprotocol/python-sdk).\nBumps the uv group with 14 updates in the /python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [mlflow](https://github.com/mlflow/mlflow) | `2.22.0` | `3.9.0rc0` |\n| [flask](https://github.com/pallets/flask) | `2.1.3` | `3.1.3` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.5.1` | `0.6.3` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.2` | `6.5.5` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.3.8` | `3.1.6` |\n| [black](https://github.com/psf/black) | `22.10.0` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.3` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.18.0` | `0.19.2` |\n| [memray](https://github.com/bloomberg/memray) | `1.19.1` | `1.19.2` |\n| [onnx](https://github.com/onnx/onnx) | `1.15.0` | `1.21.0rc1` |\n| [orjson](https://github.com/ijl/orjson) | `3.9.15` | `3.11.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.0.0` | `26.0.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n\nBumps the uv group with 1 update in the /python/ray/tune directory: [black](https://github.com/psf/black).\nBumps the uv group with 4 updates in the /python/requirements directory: [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug), [black](https://github.com/psf/black) and [onnx](https://github.com/onnx/onnx).\nBumps the uv group with 1 update in the /python/requirements/ml directory: [onnx](https://github.com/onnx/onnx).\nBumps the uv group with 2 updates in the /release directory: [pyasn1](https://github.com/pyasn1/pyasn1) and [cryptography](https://github.com/pyca/cryptography).\nBumps the uv group with 5 updates in the /release/ray_release/byod directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [mlflow](https://github.com/mlflow/mlflow) | `3.1.4` | `3.9.0rc0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.4` | `6.5.5` |\n| [black](https://github.com/psf/black) | `22.10.0` | `26.3.1` |\n| [onnx](https://github.com/onnx/onnx) | `1.15.0` | `1.21.0rc1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mlflow` from 2.19.0 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/releases\"\u003emlflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis version has been yanked. MLflow 3.1.3 will be released shortly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#16452\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16395\"\u003e#16395\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16446\"\u003e#16446\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16420\"\u003e#16420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16447\"\u003e#16447\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16554\"\u003e#16554\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16515\"\u003e#16515\u003c/a\u003e, \u003ca href=\"https://github.com/frontsideair\"\u003e\u003ccode\u003e@​frontsideair\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16558\"\u003e#16558\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16443\"\u003e#16443\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16457\"\u003e#16457\u003c/a\u003e, \u003ca href=\"https://github.com/16442\"\u003e\u003ccode\u003e@​16442\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16449\"\u003e#16449\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16509\"\u003e#16509\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16512\"\u003e#16512\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16524\"\u003e#16524\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16514\"\u003e#16514\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16607\"\u003e#16607\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16541\"\u003e#16541\u003c/a\u003e, \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16573\"\u003e#16573\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16470\"\u003e#16470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16281\"\u003e#16281\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.1 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Model Registry / Sqlalchemy] Increase prompt text limit from 5K to 100K (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16377\"\u003e#16377\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Support pagination in get-history of FileStore and SqlAlchemyStore (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16325\"\u003e#16325\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md\"\u003emlflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.4 (2025-07-23)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.3 (2025-07-22)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.2 (2025-07-08)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#16452\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16395\"\u003e#16395\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16446\"\u003e#16446\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16420\"\u003e#16420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16447\"\u003e#16447\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16554\"\u003e#16554\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16515\"\u003e#16515\u003c/a\u003e, \u003ca href=\"https://github.com/frontsideair\"\u003e\u003ccode\u003e@​frontsideair\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16558\"\u003e#16558\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16443\"\u003e#16443\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16457\"\u003e#16457\u003c/a\u003e, \u003ca href=\"https://github.com/16442\"\u003e\u003ccode\u003e@​16442\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16449\"\u003e#16449\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16509\"\u003e#16509\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16512\"\u003e#16512\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16524\"\u003e#16524\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16514\"\u003e#16514\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16607\"\u003e#16607\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16541\"\u003e#16541\u003c/a\u003e, \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16573\"\u003e#16573\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16470\"\u003e#16470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16281\"\u003e#16281\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.1 (2025-06-25)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.1 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Model Registry / Sqlalchemy] Increase prompt text limit from 5K to 100K (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16377\"\u003e#16377\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/d393a0c2bd1a2dcd1ffab4784af3579266a78dc0\"\u003e\u003ccode\u003ed393a0c\u003c/code\u003e\u003c/a\u003e Run python3 dev/update_mlflow_versions.py pre-release ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/bbe2e934823661254a68202397fb77ba46b0b404\"\u003e\u003ccode\u003ebbe2e93\u003c/code\u003e\u003c/a\u003e Fix Java POM for central release (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/91712a50b5f61553f7d01176dc5f02bd7cae0897\"\u003e\u003ccode\u003e91712a5\u003c/code\u003e\u003c/a\u003e lint change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/6d1469df7094b666b3df723a8c1c93e4d2d05955\"\u003e\u003ccode\u003e6d1469d\u003c/code\u003e\u003c/a\u003e fix merge for model serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/3fa96eb8f099281bbc3021eee351e200e98e542a\"\u003e\u003ccode\u003e3fa96eb\u003c/code\u003e\u003c/a\u003e Fix releasing to central (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/377a0f2faeb0d4435df1982ea19d9dc900a819e5\"\u003e\u003ccode\u003e377a0f2\u003c/code\u003e\u003c/a\u003e update mlflow-tracing version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/5cc8e8d880543f578bf87227949195ec50d26ff0\"\u003e\u003ccode\u003e5cc8e8d\u003c/code\u003e\u003c/a\u003e Update build scripts to handle mlflow-tracing (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/15860\"\u003e#15860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/3acca543505a4a1ceff8c226de44003d3814cdaf\"\u003e\u003ccode\u003e3acca54\u003c/code\u003e\u003c/a\u003e Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/16748ac5acb42647ef277e96797dfbcb626c36b7\"\u003e\u003ccode\u003e16748ac\u003c/code\u003e\u003c/a\u003e Update pom with further fixes (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/311a33195f3d58f3390fd23298df4d2cf4360a5b\"\u003e\u003ccode\u003e311a331\u003c/code\u003e\u003c/a\u003e Fix issue with search_registered_models with Databricks UC backend not suppor...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mlflow/mlflow/compare/v2.19.0...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph` from 1.0.3 to 1.0.10rc1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph==1.0.10rc1\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.9\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMerge commit from fork\u003c/li\u003e\n\u003cli\u003echore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments  (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6864\"\u003e#6864\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003emake type\u003c/code\u003e target for type checking (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6748\"\u003e#6748\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.0.9\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.8\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: langgraph + prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6875\"\u003e#6875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: sequential interrupt handling w/ functional API (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6863\"\u003e#6863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: state_updated_at sort by (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6857\"\u003e#6857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: conformance testing (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6842\"\u003e#6842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6815\"\u003e#6815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6833\"\u003e#6833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6837\"\u003e#6837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6832\"\u003e#6832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: server runtime type (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6774\"\u003e#6774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor: replace bare except with BaseException in AsyncQueue (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6765\"\u003e#6765\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.0.8\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.7\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.0.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6757\"\u003e#6757\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: shallow copy futures (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6755\"\u003e#6755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: pydantic messages double streaming (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6753\"\u003e#6753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump ruff from 0.14.7 to 0.14.11 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6673\"\u003e#6673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: Omit lock when using connection pool (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6734\"\u003e#6734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: enhance \u003ccode\u003eRuntime\u003c/code\u003e and \u003ccode\u003eToolRuntime\u003c/code\u003e class descriptions for clarity (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: add clarity to use of \u003ccode\u003ethread_id\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6515\"\u003e#6515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: add docstrings to \u003ccode\u003eadd_node\u003c/code\u003e overloads (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6514\"\u003e#6514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: update notebook links and add archival notices for examples (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6720\"\u003e#6720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(cli): 0.4.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6716\"\u003e#6716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-prebuilt==1.0.8\u003c/h2\u003e\n\u003cp\u003eChanges since prebuilt==1.0.7\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: langgraph + prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6875\"\u003e#6875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: inject ToolRuntime for dynamically registered tools (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6874\"\u003e#6874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langchain-core from 1.2.12 to 1.2.13 in /libs/prebuilt in the all-dependencies group (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6849\"\u003e#6849\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: conformance testing (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6842\"\u003e#6842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/prebuilt with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6810\"\u003e#6810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: server runtime type (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6774\"\u003e#6774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs(prebuilt): update warning for \u003ccode\u003ecreate_react_agent\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6760\"\u003e#6760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.0.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6757\"\u003e#6757\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a04ec5d6f00fa6583b2d98dfe789da741204b767\"\u003e\u003ccode\u003ea04ec5d\u003c/code\u003e\u003c/a\u003e release: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/50df7d423abebcb5a192f0a59c2952c68cb0df8c\"\u003e\u003ccode\u003e50df7d4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/c4a4a4647343d802d0ab909439806076bae15bd6\"\u003e\u003ccode\u003ec4a4a46\u003c/code\u003e\u003c/a\u003e chore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f178eb821e52906e1705c9cc02533bb88854b409\"\u003e\u003ccode\u003ef178eb8\u003c/code\u003e\u003c/a\u003e fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/48167d7fec9c25228426c92ba83d8650b77de0f3\"\u003e\u003ccode\u003e48167d7\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6920\"\u003e#6920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/806878a421458e99f9882e666ff35a41ad1bb561\"\u003e\u003ccode\u003e806878a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8087e6a42c62c2049a5fb3f99372a8c601d07e08\"\u003e\u003ccode\u003e8087e6a\u003c/code\u003e\u003c/a\u003e docs(sdk-py): update auth docstrings to default-deny pattern (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6933\"\u003e#6933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8fbdb144876ec9ca75943c7addb452a2bb634304\"\u003e\u003ccode\u003e8fbdb14\u003c/code\u003e\u003c/a\u003e release(sdk-py): 0.3.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6932\"\u003e#6932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/5093802f319119be674c02269f9874df04558419\"\u003e\u003ccode\u003e5093802\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/b89ef60b91e019c3cb4422af1e3cc216804ccb20\"\u003e\u003ccode\u003eb89ef60\u003c/code\u003e\u003c/a\u003e feat(sdk-py): add extract parameter to threads.search() (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6880\"\u003e#6880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/1.0.3...1.0.10rc1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 1.22.0 to 1.23.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis release brings us up to speed with the latest MCP spec \u003ccode\u003e2025-11-25\u003c/code\u003e. Take a look at the \u003ca href=\"https://modelcontextprotocol.io/specification/2025-11-25\"\u003elatest spec\u003c/a\u003e as well as the release \u003ca href=\"https://blog.modelcontextprotocol.io/posts/2025-11-25-first-mcp-anniversary/\"\u003eblog post.\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tests for JSON Schema 2020-12 field preservation (SEP-1613) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1649\"\u003emodelcontextprotocol/python-sdk#1649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd client_secret_basic authentication support by \u003ca href=\"https://github.com/jonshea\"\u003e\u003ccode\u003e@​jonshea\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1334\"\u003emodelcontextprotocol/python-sdk#1334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1577 - Sampling With Tools by \u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1330: Elicitation Enum Schema Improvements and Standards Compliance by \u003ca href=\"https://github.com/chughtapan\"\u003e\u003ccode\u003e@​chughtapan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1246\"\u003emodelcontextprotocol/python-sdk#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[auth][conformance] add conformance auth client by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1640\"\u003emodelcontextprotocol/python-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-986: Tool name validation by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1655\"\u003emodelcontextprotocol/python-sdk#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: url for spec by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1659\"\u003emodelcontextprotocol/python-sdk#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: implement SEP-991 URL-based client ID (CIMD) support by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1652\"\u003emodelcontextprotocol/python-sdk#1652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate doc string on custom_route by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1660\"\u003emodelcontextprotocol/python-sdk#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1036: URL mode elicitation for secure out-of-band interactions by \u003ca href=\"https://github.com/cbcoutinho\"\u003e\u003ccode\u003e@​cbcoutinho\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1580\"\u003emodelcontextprotocol/python-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip empty SSE data to avoid parsing errors by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1670\"\u003emodelcontextprotocol/python-sdk#1670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1686: Tasks by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1645\"\u003emodelcontextprotocol/python-sdk#1645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd on_session_created callback option by \u003ca href=\"https://github.com/crondinini-ant\"\u003e\u003ccode\u003e@​crondinini-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1710\"\u003emodelcontextprotocol/python-sdk#1710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SSE polling support (SEP-1699) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1654\"\u003emodelcontextprotocol/python-sdk#1654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport client_credentials flow with JWT and Basic auth by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1663\"\u003emodelcontextprotocol/python-sdk#1663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: backwards-compatible create_message overloads for SEP-1577 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1713\"\u003emodelcontextprotocol/python-sdk#1713\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-enable DNS rebinding protection for localhost servers by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e  (d3a184119e4479ea6a63590bc41f01dc06e3fa99)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ehttps://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99\"\u003e\u003ccode\u003ed3a1841\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/fa851d93a2036a37cce73e098f7dbc80a6c48765\"\u003e\u003ccode\u003efa851d9\u003c/code\u003e\u003c/a\u003e feat: backwards-compatible create_message overloads for SEP-1577 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1713\"\u003e#1713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f82b0c937178815c1e96460455778578050c6d1a\"\u003e\u003ccode\u003ef82b0c9\u003c/code\u003e\u003c/a\u003e Support client_credentials flow with JWT and Basic auth (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1663\"\u003e#1663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/281fd4765e0fc2efaf2039d248c3bc0698416a8a\"\u003e\u003ccode\u003e281fd47\u003c/code\u003e\u003c/a\u003e Add SSE polling support (SEP-1699) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1654\"\u003e#1654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/2cd178a962ab454e3add228ecd721784b7b36e99\"\u003e\u003ccode\u003e2cd178a\u003c/code\u003e\u003c/a\u003e Add on_session_created callback option (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1710\"\u003e#1710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/c92bb2f7ffaa61813d7cc350887f4ece38307769\"\u003e\u003ccode\u003ec92bb2f\u003c/code\u003e\u003c/a\u003e SEP-1686: Tasks (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1645\"\u003e#1645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/5983a650cc07d2dc6c6ba098e99d3545889157a9\"\u003e\u003ccode\u003e5983a65\u003c/code\u003e\u003c/a\u003e Skip empty SSE data to avoid parsing errors (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1670\"\u003e#1670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/02b78899296ce3631565345501e3d956b83ffe94\"\u003e\u003ccode\u003e02b7889\u003c/code\u003e\u003c/a\u003e Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/27279bc157cbc03f7fe7758fd55a4b34c5652f42\"\u003e\u003ccode\u003e27279bc\u003c/code\u003e\u003c/a\u003e Update doc string on custom_route (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f22501315eab5b8358c603ac7f730f77bb09e4c4\"\u003e\u003ccode\u003ef225013\u003c/code\u003e\u003c/a\u003e feat: implement SEP-991 URL-based client ID (CIMD) support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1652\"\u003e#1652\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mlflow` from 2.22.0 to 3.9.0rc0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/releases\"\u003emlflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis version has been yanked. MLflow 3.1.3 will be released shortly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#1645...\n\n_Description has been truncated_","html_url":"https://github.com/preechapon250/ray/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/preechapon250%2Fray/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4173850764","node_id":"PR_kwDOOqpDzM7OvzvK","number":13,"state":"closed","title":"Bump the pip group across 4 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-01T21:20:14.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T20:24:14.000Z","updated_at":"2026-04-01T21:20:16.000Z","time_to_close":176160,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":5,"packages":[{"name":"pypdf","old_version":"5.6.0","new_version":"6.9.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"requests","old_version":"2.32.4","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"cryptography","old_version":"45.0.4","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"langchain-core","old_version":"0.3.64","new_version":"1.2.22","repository_url":"https://github.com/langchain-ai/langchain"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pypdf](https://github.com/py-pdf/pypdf) | `5.6.0` | `6.9.2` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `45.0.4` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.64` | `1.2.22` |\n\nBumps the pip group with 5 updates in the /1_foundations/community_contributions/weather-tool directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pypdf](https://github.com/py-pdf/pypdf) | `5.6.1` | `6.9.2` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `45.0.4` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.66` | `1.2.22` |\n\nBumps the pip group with 1 update in the /2_openai/community_contributions/sngo_deep_research_all_agents directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 2 updates in the /3_crew/community_contributions/conversational-debate directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `pypdf` from 5.6.0 to 6.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e) by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.7.5, 2026-03-02\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the performance of the ASCIIHexDecode filter (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3666\"\u003e#3666\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/da867f4961e4ac5ac9d751cba3131c5a1a8777f3\"\u003e\u003ccode\u003eda867f4\u003c/code\u003e\u003c/a\u003e REL: 6.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/02b1345f77fdbc006faccc301507df4fb1855413\"\u003e\u003ccode\u003e02b1345\u003c/code\u003e\u003c/a\u003e SEC: Avoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/3bef3393757d9ab711032cb07019ae3b8132ba42\"\u003e\u003ccode\u003e3bef339\u003c/code\u003e\u003c/a\u003e MAINT: Prefer bytearray over bytes in image_inline (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3692\"\u003e#3692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/04b0a38f56ade7ba8ab9ed2f2b83e86794a036d5\"\u003e\u003ccode\u003e04b0a38\u003c/code\u003e\u003c/a\u003e ROB: Resolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0e5157c2d9440c3594de43ffe27745eb474a2fb9\"\u003e\u003ccode\u003e0e5157c\u003c/code\u003e\u003c/a\u003e REL: 6.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0b5d05de59a055c132b435ee2375bc32ff04d48e\"\u003e\u003ccode\u003e0b5d05d\u003c/code\u003e\u003c/a\u003e SEC: Improve performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/87aa1d436b91c055f6ed1a4ed4146567e5db67b3\"\u003e\u003ccode\u003e87aa1d4\u003c/code\u003e\u003c/a\u003e DEV: Remove unused reverse encoding dicts (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3685\"\u003e#3685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/84f526622657d3da2068d5c05c0cba8746aec7b0\"\u003e\u003ccode\u003e84f5266\u003c/code\u003e\u003c/a\u003e MAINT: Use placeholder-based approach for logger_error (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3673\"\u003e#3673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/8f1f4aa8607a1e3b4730d67ca24e6b8f86bf526f\"\u003e\u003ccode\u003e8f1f4aa\u003c/code\u003e\u003c/a\u003e REL: 6.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5a9a0da71714c4361b38ebdcaf304291569d7a2f\"\u003e\u003ccode\u003e5a9a0da\u003c/code\u003e\u003c/a\u003e BUG: Avoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/5.6.0...6.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.4 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.4...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.64 to 1.2.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.2.22\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.21\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.22 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36201\"\u003e#36201\u003c/a\u003e)\nfix(core): validate paths in \u003ccode\u003eprompt.save\u003c/code\u003e and \u003ccode\u003eload_prompt\u003c/code\u003e, deprecate methods (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36200\"\u003e#36200\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.21\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.20\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.21 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36179\"\u003e#36179\u003c/a\u003e)\nfix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema drift (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36129\"\u003e#36129\u003c/a\u003e)\nchore(core): remove stale blockbuster allowlist for deleted context module (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36168\"\u003e#36168\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.20\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.19\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.20 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36085\"\u003e#36085\u003c/a\u003e)\nfix(core): trace invocation params in metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36080\"\u003e#36080\u003c/a\u003e)\nfeat: Add LangSmith integration metadata to create_agent and init_chat_model (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35810\"\u003e#35810\u003c/a\u003e)\nfeat(core): harden anti-ssrf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35960\"\u003e#35960\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\ndocs(core): document \u003ccode\u003ebase_url\u003c/code\u003e in mermaid api (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35961\"\u003e#35961\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35805\"\u003e#35805\u003c/a\u003e)\nchore: housekeeping (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35850\"\u003e#35850\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.19\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.18\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.19 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35832\"\u003e#35832\u003c/a\u003e)\nchore(core): move BaseCrossEncoder to langchain-core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35809\"\u003e#35809\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35775\"\u003e#35775\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.18\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.17\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.18 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35704\"\u003e#35704\u003c/a\u003e)\nfix(core): fix double backticks in deprecation docstring for alternative_import (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35658\"\u003e#35658\u003c/a\u003e)\nfix(core): preserve default_factory when generating tool call schema (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35550\"\u003e#35550\u003c/a\u003e)\nfeat(openai): support tool search (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35582\"\u003e#35582\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 7 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35605\"\u003e#35605\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.17\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.16\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.17 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35527\"\u003e#35527\u003c/a\u003e)\nfix(core): extract usage metadata from serialized tracer message outputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35526\"\u003e#35526\u003c/a\u003e)\nchore: bump the langchain-deps group across 3 directories with 7 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35513\"\u003e#35513\u003c/a\u003e)\nchore: bump the langchain-deps group across 3 directories with 14 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35441\"\u003e#35441\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d22df94537e4267f72dc1bbfc8e3849baf20d9f7\"\u003e\u003ccode\u003ed22df94\u003c/code\u003e\u003c/a\u003e release(core): 1.2.22 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36201\"\u003e#36201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf4096151130ba0d47c\"\u003e\u003ccode\u003e27add91\u003c/code\u003e\u003c/a\u003e fix(core): validate paths in \u003ccode\u003eprompt.save\u003c/code\u003e and \u003ccode\u003eload_prompt\u003c/code\u003e, deprecate metho...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7563fceb40ce31165524f3f57ec65e487c02b1a7\"\u003e\u003ccode\u003e7563fce\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36195\"\u003e#36195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/3e64c255b84b283b3a65216b19b9838734258c96\"\u003e\u003ccode\u003e3e64c25\u003c/code\u003e\u003c/a\u003e chore: use repo permissions instead of org membership for maintainer override...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/1778b082ecd64a9dedd48674d874ca1bfcbe4c7d\"\u003e\u003ccode\u003e1778b08\u003c/code\u003e\u003c/a\u003e chore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/ad574fce0d52740c249b0db7bde871d779ffb93d\"\u003e\u003ccode\u003ead574fc\u003c/code\u003e\u003c/a\u003e fix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36180\"\u003e#36180\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/19f81cf6f1d73f7adf156491ba0617497a526b8c\"\u003e\u003ccode\u003e19f81cf\u003c/code\u003e\u003c/a\u003e release(core): 1.2.21 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36179\"\u003e#36179\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6d07ef28a7023dc7b832fe52862f7a6fc0a187f3\"\u003e\u003ccode\u003e6d07ef2\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36178\"\u003e#36178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/2f64d80cc65091985873c339ca76a59af7baf739\"\u003e\u003ccode\u003e2f64d80\u003c/code\u003e\u003c/a\u003e fix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5ffece5c033365baf4a3df52ffed5c6bfbed27ee\"\u003e\u003ccode\u003e5ffece5\u003c/code\u003e\u003c/a\u003e chore(core): remove stale blockbuster allowlist for deleted context module (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.64...langchain-core==1.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 5.6.1 to 6.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e) by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.7.5, 2026-03-02\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the performance of the ASCIIHexDecode filter (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3666\"\u003e#3666\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/da867f4961e4ac5ac9d751cba3131c5a1a8777f3\"\u003e\u003ccode\u003eda867f4\u003c/code\u003e\u003c/a\u003e REL: 6.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/02b1345f77fdbc006faccc301507df4fb1855413\"\u003e\u003ccode\u003e02b1345\u003c/code\u003e\u003c/a\u003e SEC: Avoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/3bef3393757d9ab711032cb07019ae3b8132ba42\"\u003e\u003ccode\u003e3bef339\u003c/code\u003e\u003c/a\u003e MAINT: Prefer bytearray over bytes in image_inline (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3692\"\u003e#3692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/04b0a38f56ade7ba8ab9ed2f2b83e86794a036d5\"\u003e\u003ccode\u003e04b0a38\u003c/code\u003e\u003c/a\u003e ROB: Resolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0e5157c2d9440c3594de43ffe27745eb474a2fb9\"\u003e\u003ccode\u003e0e5157c\u003c/code\u003e\u003c/a\u003e REL: 6.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0b5d05de59a055c132b435ee2375bc32ff04d48e\"\u003e\u003ccode\u003e0b5d05d\u003c/code\u003e\u003c/a\u003e SEC: Improve performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/87aa1d436b91c055f6ed1a4ed4146567e5db67b3\"\u003e\u003ccode\u003e87aa1d4\u003c/code\u003e\u003c/a\u003e DEV: Remove unused reverse encoding dicts (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3685\"\u003e#3685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/84f526622657d3da2068d5c05c0cba8746aec7b0\"\u003e\u003ccode\u003e84f5266\u003c/code\u003e\u003c/a\u003e MAINT: Use placeholder-based approach for logger_error (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3673\"\u003e#3673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/8f1f4aa8607a1e3b4730d67ca24e6b8f86bf526f\"\u003e\u003ccode\u003e8f1f4aa\u003c/code\u003e\u003c/a\u003e REL: 6.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5a9a0da71714c4361b38ebdcaf304291569d7a2f\"\u003e\u003ccode\u003e5a9a0da\u003c/code\u003e\u003c/a\u003e BUG: Avoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/5.6.0...6.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.4 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.4...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.66 to 1.2.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.2.22\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.21\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.22 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36201\"\u003e#36201\u003c/a\u003e)\nfix(core): validate paths in \u003ccode\u003eprompt.save\u003c/code\u003e and \u003ccode\u003eload_prompt\u003c/code\u003e, deprecate methods (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36200\"\u003e#36200\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.21\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.20\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.21 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36179\"\u003e#36179\u003c/a\u003e)\nfix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema drift (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36129\"\u003e#36129\u003c/a\u003e)\nchore(core): remove stale blockbuster allowlist for deleted context module (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36168\"\u003e#36168\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.20\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.19\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.20 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36085\"\u003e#36085\u003c/a\u003e)\nfix(core): trace invocation params in metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36080\"\u003e#36080\u003c/a\u003e)\nfeat: Add LangSmith integration metadata to create_agent and init_chat_model (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35810\"\u003e#35810\u003c/a\u003e)\nfeat(core): harden anti-ssrf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35960\"\u003e#35960\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\ndocs(core): document \u003ccode\u003ebase_url\u003c/code\u003e in mermaid api (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35961\"\u003e#35961\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35805\"\u003e#35805\u003c/a\u003e)\nchore: housekeeping (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35850\"\u003e#35850\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.19\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.18\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.19 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35832\"\u003e#35832\u003c/a\u003e)\nchore(core): move BaseCrossEncoder to langchain-core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35809\"\u003e#35809\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35775\"\u003e#35775\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.18\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.17\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.18 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35704\"\u003e#35704\u003c/a\u003e)\nfix(core): fix double backticks in deprecation docstring for alternative_import (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35658\"\u003e#35658\u003c/a\u003e)\nfix(core): preserve default_factory when generating tool call schema (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35550\"\u003e#35550\u003c/a\u003e)\nfeat(openai): support tool search (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35582\"\u003e#35582\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 7 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35605\"\u003e#35605\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.17\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.16\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.17 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35527\"\u003e#35527\u003c/a\u003e)\nfix(core): extract usage metadata from serialized tracer message outputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35526\"\u003e#35526\u003c/a\u003e)\nchore: bump the langchain-deps group across 3 directories with 7 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35513\"\u003e#35513\u003c/a\u003e)\nchore: bump the langchain-deps group across 3 directories with 14 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35441\"\u003e#35441\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d22df94537e4267f72dc1bbfc8e3849baf20d9f7\"\u003e\u003ccode\u003ed22df94\u003c/code\u003e\u003c/a\u003e release(core): 1.2.22 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36201\"\u003e#36201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf4096151130ba0d47c\"\u003e\u003ccode\u003e27add91\u003c/code\u003e\u003c/a\u003e fix(core): validate paths in \u003ccode\u003eprompt.save\u003c/code\u003e and \u003ccode\u003eload_prompt\u003c/code\u003e, deprecate metho...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7563fceb40ce31165524f3f57ec65e487c02b1a7\"\u003e\u003ccode\u003e7563fce\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36195\"\u003e#36195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/3e64c255b84b283b3a65216b19b9838734258c96\"\u003e\u003ccode\u003e3e64c25\u003c/code\u003e\u003c/a\u003e chore: use repo permissions instead of org membership for maintainer override...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/1778b082ecd64a9dedd48674d874ca1bfcbe4c7d\"\u003e\u003ccode\u003e1778b08\u003c/code\u003e\u003c/a\u003e chore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/l...\n\n_Description has been truncated_","html_url":"https://github.com/RailDevOps/agents/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RailDevOps%2Fagents/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"4173836593","node_id":"PR_kwDOPVjG2c7Ovw5_","number":22,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-30T20:23:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T20:21:42.000Z","updated_at":"2026-03-30T20:23:59.000Z","time_to_close":135,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":13,"packages":[{"name":"nltk","old_version":"3.9.1","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"black","old_version":"25.9.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"deepdiff","old_version":"8.6.1","new_version":"8.6.2","repository_url":"https://github.com/qlustered/deepdiff"},{"name":"dynaconf","old_version":"3.2.12","new_version":"3.2.13","repository_url":"https://github.com/dynaconf/dynaconf"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"google-cloud-aiplatform","old_version":"1.120.0","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"langgraph-checkpoint","old_version":"2.1.2","new_version":"4.0.0","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"protobuf","old_version":"5.29.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"tornado","old_version":"6.5.2","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"ujson","old_version":"5.11.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [black](https://github.com/psf/black) | `25.9.0` | `26.3.1` |\n| [deepdiff](https://github.com/qlustered/deepdiff) | `8.6.1` | `8.6.2` |\n| [dynaconf](https://github.com/dynaconf/dynaconf) | `3.2.12` | `3.2.13` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.120.0` | `1.133.0` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.1.2` | `4.0.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.22` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.2` | `6.5.5` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.11.0` | `5.12.0` |\n\n\nUpdates `nltk` from 3.9.1 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 25.9.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/25.9.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.6.1 to 8.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qlustered/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e8.6.2 - Fix (CVE-2025-58367)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/0d07ec21d12b46ef4e489383b363eadc22d990fb\"\u003e\u003ccode\u003e0d07ec2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/791f5aac51b2da7f90375ab204256ef6a6b40206\"\u003e\u003ccode\u003e791f5aa\u003c/code\u003e\u003c/a\u003e updating CVE number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a6aafea3ba5498aab6f9c77047c54949e7e968ae\"\u003e\u003ccode\u003ea6aafea\u003c/code\u003e\u003c/a\u003e updating docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a0950abbe6263298bc4bdbc3ebb57edc1af079b4\"\u003e\u003ccode\u003ea0950ab\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.1 → 8.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/887128abe5e510341cc4a82f6914a82d5ff1b6a7\"\u003e\u003ccode\u003e887128a\u003c/code\u003e\u003c/a\u003e Fix (CVE-2025-58367)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qlustered/deepdiff/compare/8.6.1...8.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dynaconf` from 3.2.12 to 3.2.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dynaconf/dynaconf/releases\"\u003edynaconf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.2.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e@jinja\u003c/code\u003e and \u003ccode\u003e@format\u003c/code\u003e templating vulnerabilities. *By \u003ca href=\"https://github.com/pedro-psb\"\u003e\u003ccode\u003e@​pedro-psb\u003c/code\u003e\u003c/a\u003e *.\u003c/li\u003e\n\u003cli\u003eFix failing \u003ccode\u003e@get\u003c/code\u003e converter. *By \u003ca href=\"https://github.com/rochacbruno\"\u003e\u003ccode\u003e@​rochacbruno\u003c/code\u003e\u003c/a\u003e *\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dynaconf/dynaconf/compare/3.2.12...3.2.13\"\u003ehttps://github.com/dynaconf/dynaconf/compare/3.2.12...3.2.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dynaconf/dynaconf/blob/3.2.13/CHANGELOG.md\"\u003edynaconf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/pedro-psb/dynaconf/releases/tag/3.2.13\"\u003e3.2.13\u003c/a\u003e - 2026-03-17\u003c/h2\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix linting errors and pre-commit config. \u003cem\u003eBy Pedro Brochado\u003c/em\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dynaconf/dynaconf/commit/3c39a2cc910e4e018f9c745494b019e979f587d1\"\u003e\u003ccode\u003e3c39a2c\u003c/code\u003e\u003c/a\u003e Release version 3.2.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dynaconf/dynaconf/commit/379fc67bdba3b35a6849db06683c7b4232d28489\"\u003e\u003ccode\u003e379fc67\u003c/code\u003e\u003c/a\u003e chore: fix linting errors and pre-commit config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dynaconf/dynaconf/commit/2fbb45ee36b8c0caa5b924fe19f3c1a5e8603fa7\"\u003e\u003ccode\u003e2fbb45e\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://github.com/jinja\"\u003e\u003ccode\u003e@​jinja\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/format\"\u003e\u003ccode\u003e@​format\u003c/code\u003e\u003c/a\u003e templating vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dynaconf/dynaconf/commit/8547454cdf46dcc032a2fb46dad57fdb0235ec22\"\u003e\u003ccode\u003e8547454\u003c/code\u003e\u003c/a\u003e backport \u003ca href=\"https://redirect.github.com/dynaconf/dynaconf/issues/1347\"\u003e#1347\u003c/a\u003e fix failing get converter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dynaconf/dynaconf/commit/83c1690cfc540347605d2fc55fec3a70488c5eba\"\u003e\u003ccode\u003e83c1690\u003c/code\u003e\u003c/a\u003e Bump to version 3.2.13-dev0\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dynaconf/dynaconf/compare/3.2.12...3.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.120.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix RagManagedVertexVectorSearch when using backend_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/df0976ed3195dc8313f4728bc5ecb29dda55d467\"\u003edf0976e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - patch for vulnerability in visualization (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8a00d43dbd24e95dbab6ea32c63ce0a5a1849480\"\u003e8a00d43\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/78f2bdd08bae0696923e61ab73080b5846c67ae0\"\u003e\u003ccode\u003e78f2bdd\u003c/code\u003e\u003c/a\u003e chore(main): release 1.133.0 (\u003ca href=\"https://redirect.github.com/googleapis/python-aiplatform/issues/6211\"\u003e#6211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003e\u003ccode\u003ec8c0f0f\u003c/code\u003e\u003c/a\u003e fix: Add None check for agent_info in evals.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/9952b970b73cfe38e68c48b3699ee4e1df0264df\"\u003e\u003ccode\u003e9952b97\u003c/code\u003e\u003c/a\u003e chore: rollback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e\u003ccode\u003e83f4076\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/937d5af6b9bdbbe3b50181745c99550f124ad8b4\"\u003e\u003ccode\u003e937d5af\u003c/code\u003e\u003c/a\u003e Copybara import of the project:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/aaaf902be02747cd2281196aad6278df0fd11f7e\"\u003e\u003ccode\u003eaaaf902\u003c/code\u003e\u003c/a\u003e chore: bump google-auth lower bound to 2.47.0 in GenAI and Vertex SDKs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e\u003ccode\u003e8c876ef\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e\u003ccode\u003e5448f06\u003c/code\u003e\u003c/a\u003e fix: Require uri or staging bucket configuration for saving model to Vertex E...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e\u003ccode\u003e65717fa\u003c/code\u003e\u003c/a\u003e feat: GenAI SDK client(memory): Add enable_third_person_memories\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003e\u003ccode\u003ebe2eaaa\u003c/code\u003e\u003c/a\u003e fix: GenAI client(evals) - Fix TypeError in _build_generate_content_config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.120.0...v1.133.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph-checkpoint` from 2.1.2 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph-checkpoint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph-checkpoint==4.0.0\u003c/h2\u003e\n\u003cp\u003eChanges since checkpoint==3.0.1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(checkpoint): InMemorySaver context managers should return self in… (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6529\"\u003e#6529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: docstring for serializer protocol (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6525\"\u003e#6525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: clean up some refs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6487\"\u003e#6487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003epyproject.toml\u003c/code\u003e links (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6364\"\u003e#6364\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.5\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.4\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(checkpoint-postgres): 3.0.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7221\"\u003e#7221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: re-use connection (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7220\"\u003e#7220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump ruff from 0.15.5 to 0.15.6 in /libs/checkpoint-postgres in the all-dependencies group (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7194\"\u003e#7194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7071\"\u003e#7071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(checkpoint):  0.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6966\"\u003e#6966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add serde events (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6954\"\u003e#6954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update defaults (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6953\"\u003e#6953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: rc2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6949\"\u003e#6949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMerge commit from fork\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/checkpoint-postgres with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6916\"\u003e#6916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003emake type\u003c/code\u003e target for type checking (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6748\"\u003e#6748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langchain-core from 1.2.7 to 1.2.11 in /libs/checkpoint-postgres (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6831\"\u003e#6831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/checkpoint-postgres with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6808\"\u003e#6808\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.4\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003echore: Omit lock when using connection pool (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6734\"\u003e#6734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): upgrade dependencies with \u003ccode\u003euv lock --upgrade\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6671\"\u003e#6671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update twitter URLs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6683\"\u003e#6683\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.3\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: storage nits (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6651\"\u003e#6651\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-sqlite==3.0.3\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointsqlite==3.0.2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: aiosqlite's breaking change (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): upgrade dependencies with \u003ccode\u003euv lock --upgrade\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6671\"\u003e#6671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update twitter URLs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6683\"\u003e#6683\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.2\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.1\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f91d79d0c86932ded6e3b9f195d5a0bbd5aef99c\"\u003e\u003ccode\u003ef91d79d\u003c/code\u003e\u003c/a\u003e fix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/cb2faa7dda0f2ea49d2729361e1802fb233feaa5\"\u003e\u003ccode\u003ecb2faa7\u003c/code\u003e\u003c/a\u003e fix(prebuilt): support generic type arguments for ToolRuntime injection (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6509\"\u003e#6509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a5827c5c6193669d3063897e1845a45cfb90d732\"\u003e\u003ccode\u003ea5827c5\u003c/code\u003e\u003c/a\u003e fix: change default recursion limit (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6676\"\u003e#6676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/5212369bd0791806083f183cb19ccce024db8790\"\u003e\u003ccode\u003e5212369\u003c/code\u003e\u003c/a\u003e feat(sdk-py): add end-time to crons client (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6674\"\u003e#6674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/7045a23148bfb7c7de825776531d163f22241aaa\"\u003e\u003ccode\u003e7045a23\u003c/code\u003e\u003c/a\u003e fix: add \u003ccode\u003estate\u003c/code\u003e attribute to \u003ccode\u003eToolCallRequest\u003c/code\u003e overrides (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6668\"\u003e#6668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/728db10b1f38c9c56f097d2847f0330977d5eba2\"\u003e\u003ccode\u003e728db10\u003c/code\u003e\u003c/a\u003e fix: suppress unintended deprecation warning (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6669\"\u003e#6669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/454af218968b2962b4beeb9a28b9d421f0610694\"\u003e\u003ccode\u003e454af21\u003c/code\u003e\u003c/a\u003e feat(sdk-py): cron.on_run_completed support (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/b4630d84520e5f8b6c6580f15cd7dada214ef657\"\u003e\u003ccode\u003eb4630d8\u003c/code\u003e\u003c/a\u003e chore: delete docs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6488\"\u003e#6488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/311465bbf7751829942b92bc28c5a79e0666710f\"\u003e\u003ccode\u003e311465b\u003c/code\u003e\u003c/a\u003e fix: sanitize namespace for deeply nested graph jumps (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6665\"\u003e#6665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8ccead9560f6cd76537f632d7a310ba41e38f28b\"\u003e\u003ccode\u003e8ccead9\u003c/code\u003e\u003c/a\u003e docs: x-refs and explainer in tool node docs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6653\"\u003e#6653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/checkpoint==2.1.2...checkpoint==4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuatio...\n\n_Description has been truncated_","html_url":"https://github.com/philipgabrielromano/langflow/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/philipgabrielromano%2Flangflow/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"},{"uuid":"4167268894","node_id":"PR_kwDORju0hs7Oeyzw","number":20,"state":"closed","title":"Bump the pip-dependencies group across 1 directory with 24 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-06T04:37:20.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T04:38:58.000Z","updated_at":"2026-04-06T04:37:21.000Z","time_to_close":604702,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip-dependencies","update_count":24,"packages":[{"name":"torch","old_version":"2.7.1+cpu","new_version":"2.11.0+cpu"},{"name":"sentence-transformers","old_version":"5.2.3","new_version":"5.3.0","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"transformers","old_version":"5.3.0","new_version":"5.4.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"numpy","old_version":"2.4.3","new_version":"2.4.4","repository_url":"https://github.com/numpy/numpy"},{"name":"hdbscan","old_version":"0.8.41","new_version":"0.8.42","repository_url":"https://github.com/scikit-learn-contrib/hdbscan"},{"name":"alembic","old_version":"1.14.0","new_version":"1.18.4","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"email-validator","old_version":"2.2.0","new_version":"2.3.0","repository_url":"https://github.com/JoshData/python-email-validator"},{"name":"fastapi","old_version":"0.115.0","new_version":"0.135.2","repository_url":"https://github.com/fastapi/fastapi"},{"name":"psycopg2-binary","old_version":"2.9.10","new_version":"2.9.11","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic-settings","old_version":"2.6.1","new_version":"2.13.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.44.0","repository_url":"https://github.com/pydantic/pydantic-core"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-jose","old_version":"3.3.0","new_version":"3.5.0","repository_url":"https://github.com/mpdavis/python-jose"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"sqlalchemy","old_version":"2.0.36","new_version":"2.0.48","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"starlette","old_version":"0.38.6","new_version":"1.0.0","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.30.6","new_version":"0.42.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"celery","old_version":"5.4.0","new_version":"5.6.3","repository_url":"https://github.com/celery/celery"},{"name":"redis","old_version":"5.2.0","new_version":"7.4.0","repository_url":"https://github.com/redis/redis-py"},{"name":"kombu","old_version":"5.3.4","new_version":"5.6.2","repository_url":"https://github.com/celery/kombu"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-dependencies group with 24 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| torch | `2.7.1+cpu` | `2.11.0+cpu` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.2.3` | `5.3.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.3.0` | `5.4.0` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.3` | `2.4.4` |\n| [hdbscan](https://github.com/scikit-learn-contrib/hdbscan) | `0.8.41` | `0.8.42` |\n| [alembic](https://github.com/sqlalchemy/alembic) | `1.14.0` | `1.18.4` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [email-validator](https://github.com/JoshData/python-email-validator) | `2.2.0` | `2.3.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.115.0` | `0.135.2` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.10` | `2.9.11` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.6.1` | `2.13.1` |\n| [pydantic-core](https://github.com/pydantic/pydantic-core) | `2.41.5` | `2.44.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.5.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.36` | `2.0.48` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `1.0.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.30.6` | `0.42.0` |\n| [celery](https://github.com/celery/celery) | `5.4.0` | `5.6.3` |\n| [redis](https://github.com/redis/redis-py) | `5.2.0` | `7.4.0` |\n| [kombu](https://github.com/celery/kombu) | `5.3.4` | `5.6.2` |\n\n\nUpdates `torch` from 2.7.1+cpu to 2.11.0+cpu\n\nUpdates `sentence-transformers` from 5.2.3 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/sentence-transformers/releases\"\u003esentence-transformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0 - Improved Contrastive Learning, New Losses, and Transformers v5 Compatibility\u003c/h2\u003e\n\u003cp\u003eThis minor version brings several improvements to contrastive learning: \u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e now supports alternative InfoNCE formulations (symmetric, GTE-style) and optional hardness weighting for harder negatives. Two new losses are introduced, \u003ccode\u003eGlobalOrthogonalRegularizationLoss\u003c/code\u003e for embedding space regularization and \u003ccode\u003eCachedSpladeLoss\u003c/code\u003e for memory-efficient SPLADE training. The release also adds a faster hashed batch sampler, fixes \u003ccode\u003eGroupByLabelBatchSampler\u003c/code\u003e for triplet losses, and ensures full compatibility with the latest Transformers v5 versions.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e# Training + Inference\r\npip install sentence-transformers[train]==5.3.0\r\n\u003ch1\u003eInference only, use one of:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers==5.3.0\npip install sentence-transformers[onnx-gpu]==5.3.0\npip install sentence-transformers[onnx]==5.3.0\npip install sentence-transformers[openvino]==5.3.0\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eUpdated MultipleNegativesRankingLoss (a.k.a. InfoNCE)\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e received two major upgrades: support for alternative InfoNCE formulations from the literature, and optional hardness weighting to up-weight harder negatives.\u003c/p\u003e\n\u003ch3\u003eSupport other InfoNCE variants (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3607\"\u003e#3607\u003c/a\u003e)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e now supports several well-known contrastive loss variants from the literature through new \u003ccode\u003edirections\u003c/code\u003e and \u003ccode\u003epartition_mode\u003c/code\u003e parameters. Previously, this loss only supported the standard forward direction (query → doc). You can now configure which similarity interactions are included in the loss:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;query_to_doc\u0026quot;\u003c/code\u003e (default): For each query, its matched document should score higher than all other documents.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;doc_to_query\u0026quot;\u003c/code\u003e: The symmetric reverse — for each document, its matched query should score higher than all other queries.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;query_to_query\u0026quot;\u003c/code\u003e: For each query, all other queries should score lower than its matched document.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;doc_to_doc\u0026quot;\u003c/code\u003e: For each document, all other documents should score lower than its matched query.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe \u003ccode\u003epartition_mode\u003c/code\u003e controls how scores are normalized: \u003ccode\u003e\u0026quot;joint\u0026quot;\u003c/code\u003e computes a single softmax over all directions, while \u003ccode\u003e\u0026quot;per_direction\u0026quot;\u003c/code\u003e computes a separate softmax per direction and averages the losses.\u003c/p\u003e\n\u003cp\u003eThese combine to reproduce several loss formulations from the literature:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eStandard InfoNCE\u003c/strong\u003e (default, unchanged behavior):\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(model)\r\n# equivalent to directions=(\u0026quot;query_to_doc\u0026quot;,), partition_mode=\u0026quot;joint\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eSymmetric InfoNCE\u003c/strong\u003e (\u003ca href=\"https://arxiv.org/abs/2310.19923\"\u003eGünther et al. 2024\u003c/a\u003e) — adds the reverse direction so both queries and documents are trained to find their match:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(\r\n    model,\r\n    directions=(\u0026quot;query_to_doc\u0026quot;, \u0026quot;doc_to_query\u0026quot;),\r\n    partition_mode=\u0026quot;per_direction\u0026quot;,\r\n)\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eGTE improved contrastive loss\u003c/strong\u003e (\u003ca href=\"https://arxiv.org/abs/2308.03281\"\u003eLi et al. 2023\u003c/a\u003e) — adds same-type negatives (query \u0026lt;-\u0026gt; query, doc \u0026lt;-\u0026gt; doc) for a stronger training signal, especially useful with pairs-only data:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/ce48ecc77f8c7ed97c8fcc3cd99fde6071206680\"\u003e\u003ccode\u003ece48ecc\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into v5.3-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/cec08f89aabaa11a1675529fb7b11618c8255622\"\u003e\u003ccode\u003ecec08f8\u003c/code\u003e\u003c/a\u003e Fix citation for EmbeddingGemma paper (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/c29b3a69f7eca78d613fc2e465989ee880216c8d\"\u003e\u003ccode\u003ec29b3a6\u003c/code\u003e\u003c/a\u003e Release v5.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/55c13de47ea9475b1416a34af36716cc477bd95f\"\u003e\u003ccode\u003e55c13de\u003c/code\u003e\u003c/a\u003e Prep docs main page for v5.3.0 (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/72e75f7868700a768f6c57fb16e76b18df250f72\"\u003e\u003ccode\u003e72e75f7\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003etests\u003c/code\u003e] Add slow reproduction tests for most common models (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/237e44151758a9b4eb86b1ecd73152884073549a\"\u003e\u003ccode\u003e237e441\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Fix model card generation with set_transform with new column names (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/7f180b4b7146af66e2b043cdaa89bf87babe28bc\"\u003e\u003ccode\u003e7f180b4\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efeat\u003c/code\u003e] Add hardness-weighted contrastive learning to losses (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3667\"\u003e#3667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/58900864d51cde2f918885587709b2466938422c\"\u003e\u003ccode\u003e5890086\u003c/code\u003e\u003c/a\u003e Disallow query_to_query/doc_to_doc with partition_mode=\u0026quot;per_direction\u0026quot; due to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/6518c36671294b2125506f0d382d04102f739c91\"\u003e\u003ccode\u003e6518c36\u003c/code\u003e\u003c/a\u003e CE trainer: Removed IterableDataset from train and eval dataset type hints (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/1e0e84cbfb5483ffe1a5ff7db459c67a61487f3f\"\u003e\u003ccode\u003e1e0e84c\u003c/code\u003e\u003c/a\u003e Add tips for adjusting batch size to improve processing speed (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.2.3...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 5.3.0 to 5.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/transformers/releases\"\u003etransformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v5.4.0: PaddlePaddle models 🙌, Mistral 4, PI0, VidEoMT, UVDoc, SLANeXt, Jina Embeddings v3\u003c/h2\u003e\n\u003ch2\u003eNew Model additions\u003c/h2\u003e\n\u003ch3\u003eVidEoMT\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eVideo Encoder-only Mask Transformer (VidEoMT) is a lightweight encoder-only model for online video segmentation built on a plain Vision Transformer (ViT). It eliminates the need for dedicated tracking modules by introducing a lightweight query propagation mechanism that carries information across frames and employs a query fusion strategy that combines propagated queries with temporally-agnostic learned queries. VidEoMT achieves competitive accuracy while being 5x-10x faster than existing approaches, running at up to 160 FPS with a ViT-L backbone.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/videomt\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2602.17807\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd VidEoMT (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44285\"\u003e#44285\u003c/a\u003e) by \u003ca href=\"https://github.com/NielsRogge\"\u003e\u003ccode\u003e@​NielsRogge\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/44285\"\u003e#44285\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eUVDoc\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eUVDoc is a machine learning model designed for document image rectification and correction. The main purpose of this model is to carry out geometric transformation on images to correct document distortion, inclination, perspective deformation and other problems in document images. It provides both single input and batched inference capabilities for processing distorted document images.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/uvdoc\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Model] Add UVDoc Model Support (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43385\"\u003e#43385\u003c/a\u003e) by \u003ca href=\"https://github.com/XingweiDeng\"\u003e\u003ccode\u003e@​XingweiDeng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/43385\"\u003e#43385\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eJina Embeddings v3\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eThe Jina-Embeddings-v3 is a multilingual, multi-task text embedding model designed for a variety of NLP applications. Based on the XLM-RoBERTa architecture, this model supports Rotary Position Embeddings (RoPE) replacing absolute position embeddings to support long input sequences up to 8192 tokens. Additionally, it features 5 built-in Task-Specific LoRA Adapters that allow the model to generate task-specific embeddings (e.g., for retrieval vs. classification) without increasing inference latency significantly.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/jina_embeddings_v3\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2409.10173\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eJina-Embeddings-V3\u003c/code\u003e Model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44251\"\u003e#44251\u003c/a\u003e) by \u003ca href=\"https://github.com/Sai-Suraj-27\"\u003e\u003ccode\u003e@​Sai-Suraj-27\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/44251\"\u003e#44251\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMistral4\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eMistral 4 is a powerful hybrid model with the capability of acting as both a general instruction model and a reasoning model. It unifies the capabilities of three different model families - Instruct, Reasoning (previously called Magistral), and Devstral - into a single, unified model. The model features a MoE architecture with 128 experts and 4 active, 119B parameters with 6.5B activated per token, 256k context length, and supports multimodal input with both text and image processing capabilities.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/mistral4\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Mistral 4 (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44760\"\u003e#44760\u003c/a\u003e) by \u003ca href=\"https://github.com/juliendenize\"\u003e\u003ccode\u003e@​juliendenize\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/44760\"\u003e#44760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePI0\u003c/h3\u003e\n\u003cp\u003ePI0 is a vision-language-action model for robotics manipulation that jointly processes visual observations and language instructions to generate robot actions. It uses a novel flow matching architecture built on top of a pre-trained vision-language model to inherit Internet-scale semantic knowledge. The model can perform complex dexterous tasks like laundry folding, table cleaning, and assembling boxes across multiple robot platforms including single-arm robots, dual-arm robots, and mobile manipulators.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/pi0\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2410.24164\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd model lerobot PI0 to transformers (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44160\"\u003e#44160\u003c/a\u003e) by \u003ca href=\"https://github.com/molbap\"\u003e\u003ccode\u003e@​molbap\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/44160\"\u003e#44160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSLANeXt\u003c/h3\u003e\n\u003cp\u003eSLANeXt is a series of dedicated lightweight models for table structure recognition, focusing on accurately recognizing table structures in documents and natural scenes. The SLANeXt series is a new generation of table structure recognition models independently developed by the Baidu PaddlePaddle Vision Team, with dedicated weights trained separately for wired and wireless tables. The recognition ability for all types of tables has been significantly improved, especially for wired tables.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/276f1402020831d949c2e1a80574a5603995de23\"\u003e\u003ccode\u003e276f140\u003c/code\u003e\u003c/a\u003e v5.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/16d437e43adffaef9cd60070563f2afe6a5703a4\"\u003e\u003ccode\u003e16d437e\u003c/code\u003e\u003c/a\u003e fix: protect torch imports in processing files and fix import guards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/97b7727e1129bcaebe42ce57ce37fa1a48847a89\"\u003e\u003ccode\u003e97b7727\u003c/code\u003e\u003c/a\u003e Fix release full (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45029\"\u003e#45029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/78bdaf0b39c29737b9ca48a274ef4a34bdafd4d1\"\u003e\u003ccode\u003e78bdaf0\u003c/code\u003e\u003c/a\u003e Add cohere asr (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45023\"\u003e#45023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e895107784ea68cd80e101acda5eb53aa07b9392\"\u003e\u003ccode\u003ee895107\u003c/code\u003e\u003c/a\u003e docs: add PermuteForRope to conversion operations reverse table (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45035\"\u003e#45035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/67100ccaad9b406d05a1214d95293cb0623b7890\"\u003e\u003ccode\u003e67100cc\u003c/code\u003e\u003c/a\u003e [CB] Persistent manager (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44435\"\u003e#44435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/69f9d552e9f7977291e707f1ae260c64193ea6ab\"\u003e\u003ccode\u003e69f9d55\u003c/code\u003e\u003c/a\u003e Add BC for \u003ccode\u003e_further_process_kwargs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45033\"\u003e#45033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e3f7cc3b4a5499c52ad56c72cad295de562f5b54\"\u003e\u003ccode\u003ee3f7cc3\u003c/code\u003e\u003c/a\u003e Use multi runners to check new failing tests in a CI run (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45032\"\u003e#45032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/882ffdbbd6b8ad50feaa860d702e70950cfc95d0\"\u003e\u003ccode\u003e882ffdb\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Use the correct _tied_weights_keys for CamembertForCausalLM (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45031\"\u003e#45031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/d81ad48109331f910fd81f699869855cbd50f681\"\u003e\u003ccode\u003ed81ad48\u003c/code\u003e\u003c/a\u003e change dev ver. we forgot to do this when we released 5.3.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.3.0...v5.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `numpy` from 2.4.3 to 2.4.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.4.4 (Mar 29, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.4 Release Notes\u003c/h1\u003e\n\u003cp\u003eThe NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3\nrelease. It should finally close issue \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30816\"\u003e#30816\u003c/a\u003e, the OpenBLAS threading problem\non ARM.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 8 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eDaniel Haag +\u003c/li\u003e\n\u003cli\u003eDenis Prokopenko +\u003c/li\u003e\n\u003cli\u003eHarshith J +\u003c/li\u003e\n\u003cli\u003eKoki Watanabe\u003c/li\u003e\n\u003cli\u003eMarten van Kerkwijk\u003c/li\u003e\n\u003cli\u003eMatti Picus\u003c/li\u003e\n\u003cli\u003eNathan Goldbaum\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 7 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/30978\"\u003e#30978\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31049\"\u003e#31049\u003c/a\u003e: BUG: Add test to reproduce problem described in \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30816\"\u003e#30816\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30818\"\u003e#30818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31052\"\u003e#31052\u003c/a\u003e: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31035\"\u003e#31035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31053\"\u003e#31053\u003c/a\u003e: BUG: avoid warning on ufunc with where=True and no output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31058\"\u003e#31058\u003c/a\u003e: DOC: document caveats of ndarray.resize on 3.14 and newer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31079\"\u003e#31079\u003c/a\u003e: TST: fix POWER VSX feature mapping (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30801\"\u003e#30801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31084\"\u003e#31084\u003c/a\u003e: MAINT: numpy.i: Replace deprecated \u003ccode\u003esprintf\u003c/code\u003e with \u003ccode\u003esnprintf\u003c/code\u003e...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/be93fe2960dbf49b4647f5783c66d967fb2c65b5\"\u003e\u003ccode\u003ebe93fe2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31090\"\u003e#31090\u003c/a\u003e from charris/prepare-2.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/f5245dc7ea5c6279c59cb0d5de81113229841290\"\u003e\u003ccode\u003ef5245dc\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/02e838ba270a5ca3dd8afc5a31c090cd34a56615\"\u003e\u003ccode\u003e02e838b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31084\"\u003e#31084\u003c/a\u003e from charris/backport-31056\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/fa74b2d05f8f7604bf6635d5280c3216c8ec667f\"\u003e\u003ccode\u003efa74b2d\u003c/code\u003e\u003c/a\u003e MAINT: numpy.i: Replace deprecated \u003ccode\u003esprintf\u003c/code\u003e with \u003ccode\u003esnprintf\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31056\"\u003e#31056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/533a6db96dfa2556a61102a58c35fd64eaf3fa2b\"\u003e\u003ccode\u003e533a6db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31079\"\u003e#31079\u003c/a\u003e from charris/backport-20801\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9e496cbd0a281195bd779ae1833f2a8f4a1d46a7\"\u003e\u003ccode\u003e9e496cb\u003c/code\u003e\u003c/a\u003e TST: fix POWER VSX feature mapping (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30801\"\u003e#30801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8052c4b69ef18e582709af946f93f9e58b848f39\"\u003e\u003ccode\u003e8052c4b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31058\"\u003e#31058\u003c/a\u003e from charris/backport-31021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/7f13b5ad2b69fd6ea6aa3af7036b2dcf98e96486\"\u003e\u003ccode\u003e7f13b5a\u003c/code\u003e\u003c/a\u003e MAINT: Skip test on PyPy.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/4c5fdd66c8f379a1e2b3f40fa62bd0b87769d1c7\"\u003e\u003ccode\u003e4c5fdd6\u003c/code\u003e\u003c/a\u003e MAINT: Remove unused import of tracemalloc.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/a3ca5ed354b26e0fd6e35bf29765a24271ed7c3a\"\u003e\u003ccode\u003ea3ca5ed\u003c/code\u003e\u003c/a\u003e Update numpy/_core/src/multiarray/shape.c\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.3...v2.4.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hdbscan` from 0.8.41 to 0.8.42\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/releases\"\u003ehdbscan's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erelease-0.8.42\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix outlier scores by \u003ca href=\"https://github.com/JelmerBot\"\u003e\u003ccode\u003e@​JelmerBot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/697\"\u003escikit-learn-contrib/hdbscan#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid escape sequences in docstring by \u003ca href=\"https://github.com/timmooren\"\u003e\u003ccode\u003e@​timmooren\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/698\"\u003escikit-learn-contrib/hdbscan#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: Build Windows wheels for CPython 3.10–3.13 (GitHub Actions) by \u003ca href=\"https://github.com/andrijajovanovic98\"\u003e\u003ccode\u003e@​andrijajovanovic98\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/699\"\u003escikit-learn-contrib/hdbscan#699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid escape sequence warning in robust_single_linkage docstring by \u003ca href=\"https://github.com/bentoviml\"\u003e\u003ccode\u003e@​bentoviml\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/703\"\u003escikit-learn-contrib/hdbscan#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse manylinux_2_8 to build wheels on linux by \u003ca href=\"https://github.com/gclendenning\"\u003e\u003ccode\u003e@​gclendenning\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/701\"\u003escikit-learn-contrib/hdbscan#701\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timmooren\"\u003e\u003ccode\u003e@​timmooren\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/698\"\u003escikit-learn-contrib/hdbscan#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andrijajovanovic98\"\u003e\u003ccode\u003e@​andrijajovanovic98\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/699\"\u003escikit-learn-contrib/hdbscan#699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bentoviml\"\u003e\u003ccode\u003e@​bentoviml\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/703\"\u003escikit-learn-contrib/hdbscan#703\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\"\u003ehttps://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/f62160e304b0dd45f58c93de9dc75c5d2c4c2d0b\"\u003e\u003ccode\u003ef62160e\u003c/code\u003e\u003c/a\u003e Update setup.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/1b8973f0c90161164b6d1e86f979551b65be3e68\"\u003e\u003ccode\u003e1b8973f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/701\"\u003e#701\u003c/a\u003e from gclendenning/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/8b0f0684ad1640065259bdd2de02f7e19193c5c4\"\u003e\u003ccode\u003e8b0f068\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/703\"\u003e#703\u003c/a\u003e from bentoviml/fix-docstring-escape-warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/536440435510ba6fd7a0262bba1e2b0468cc7c32\"\u003e\u003ccode\u003e5364404\u003c/code\u003e\u003c/a\u003e Fix invalid escape sequence warning in robust_single_linkage docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/a651934d04230f83999bb4d14e532759879e03e9\"\u003e\u003ccode\u003ea651934\u003c/code\u003e\u003c/a\u003e Use manylinux_2_8 to build wheels on linux\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/92ab72f08e64537c1d2706418286a59a8560a6d7\"\u003e\u003ccode\u003e92ab72f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/699\"\u003e#699\u003c/a\u003e from andrijajovanovic98/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/74adc5ab88ac3789125692d3ecaa435cb15f97f1\"\u003e\u003ccode\u003e74adc5a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/698\"\u003e#698\u003c/a\u003e from timmooren/fix-docstring-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/6f72f71730e436c2d6b9499737d08b6b2a587d2f\"\u003e\u003ccode\u003e6f72f71\u003c/code\u003e\u003c/a\u003e Fix invalid escape sequences in docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/d2134e5ab313754d1b55f1b5eae84f5433f3719c\"\u003e\u003ccode\u003ed2134e5\u003c/code\u003e\u003c/a\u003e python 310\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/8c8d03273a5684a7c7183d7e0b6e45021f0beaeb\"\u003e\u003ccode\u003e8c8d032\u003c/code\u003e\u003c/a\u003e p313\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `alembic` from 1.14.0 to 1.18.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.4\u003c/h1\u003e\n\u003cp\u003eReleased: February 10, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [operations]\u003c/strong\u003e Reverted the behavior of \u003ccode\u003eOperations.add_column()\u003c/code\u003e that would\nautomatically render the \u0026quot;PRIMARY KEY\u0026quot; keyword inline when a\n\u003ccode\u003eColumn\u003c/code\u003e with \u003ccode\u003eprimary_key=True\u003c/code\u003e is added. The automatic\nbehavior, added in version 1.18.2, is now opt-in via the new\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter. This\nchange restores the ability to render a PostgreSQL SERIAL column, which is\nrequired to be \u003ccode\u003eprimary_key=True\u003c/code\u003e, while not impacting the ability to\nrender a separate primary key constraint. This also provides consistency\nwith the \u003ccode\u003eOperations.add_column.inline_references\u003c/code\u003e parameter and\ngives users explicit control over SQL generation.\u003c/p\u003e\n\u003cp\u003eTo render PRIMARY KEY inline, use the\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter set to\n\u003ccode\u003eTrue\u003c/code\u003e:\u003c/p\u003e\n\u003cp\u003eop.add_column(\n\u0026quot;my_table\u0026quot;,\nColumn(\u0026quot;id\u0026quot;, Integer, primary_key=True),\ninline_primary_key=True\n)References: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1232\"\u003e#1232\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.18.3\u003c/h1\u003e\n\u003cp\u003eReleased: January 29, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [autogenerate]\u003c/strong\u003e Fixed regression in version 1.18.0 due to \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e where autogenerate\nwould raise \u003ccode\u003eNoReferencedTableError\u003c/code\u003e when a foreign key constraint\nreferenced a table that was not part of the initial table load, including\ntables filtered out by the\n\u003ccode\u003eEnvironmentContext.configure.include_name\u003c/code\u003e callable or tables\nin remote schemas that were not included in the initial reflection run.\u003c/p\u003e\n\u003cp\u003eThe change in \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e was a performance optimization that eliminated\nadditional reflection queries for tables that were only referenced by\nforeign keys but not explicitly included in the main reflection run.\nHowever, this optimization inadvertently removed the creation of\n\u003ccode\u003eTable\u003c/code\u003e objects for these referenced tables, causing autogenerate\nto fail when processing foreign key constraints that pointed to them.\u003c/p\u003e\n\u003cp\u003eThe fix creates placeholder \u003ccode\u003eTable\u003c/code\u003e objects for foreign key targets\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `email-validator` from 2.2.0 to 2.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/releases\"\u003eemail-validator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md\"\u003eemail-validator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.0 (August 26, 2025)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/030a63a183a6a66450e98381ca9a23ab9769706a\"\u003e\u003ccode\u003e030a63a\u003c/code\u003e\u003c/a\u003e Version 2.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/e943a0f07f5c130b4a419e0cd79f705f36bf24fe\"\u003e\u003ccode\u003ee943a0f\u003c/code\u003e\u003c/a\u003e Raise TypeError when an invalid argument is passed for email, closes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/155\"\u003e#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/f90d256045dc1ccbcffd5514189267d14a9e3ea1\"\u003e\u003ccode\u003ef90d256\u003c/code\u003e\u003c/a\u003e Remove local part length check unless new strict flag is given, fixes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/158\"\u003e#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/98800bac023b8713351393a5043034065f1ea6cb\"\u003e\u003ccode\u003e98800ba\u003c/code\u003e\u003c/a\u003e Add explicit checks for internationalized domain name characters invalid unde...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/936aead3bf5c608f8561954e0d2955b7f97bfdad\"\u003e\u003ccode\u003e936aead\u003c/code\u003e\u003c/a\u003e Fix final syntax checks on normalized internationalized domains checking the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/8043de49596f08d54a07e2bc7c442ced074216a6\"\u003e\u003ccode\u003e8043de4\u003c/code\u003e\u003c/a\u003e NFC-normalize display names per UTS \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/39\"\u003e#39\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/bc08faa2a74b51a9e7ba7ff4f995c0b475cb5b12\"\u003e\u003ccode\u003ebc08faa\u003c/code\u003e\u003c/a\u003e Add one-off error messages for full-width-at and small-commercial-at which ar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/a1c90ab58fb0f5d969a8351a68ca15bff068527c\"\u003e\u003ccode\u003ea1c90ab\u003c/code\u003e\u003c/a\u003e Split exceptions_types.py into exceptions.py and types.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/dbcf07cc5c8066c14b6dc58d2dbb4a1e582eeefd\"\u003e\u003ccode\u003edbcf07c\u003c/code\u003e\u003c/a\u003e Change package name from using underscore to dash to match PyPi normalized pa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/7c22208ee5b82c377e960ddcea5293691eadc6cc\"\u003e\u003ccode\u003e7c22208\u003c/code\u003e\u003c/a\u003e Support ALLOW_DISPLAY_NAME and ALLOW_EMPTY_LOCAL in the CLI (\u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/JoshData/python-email-validator/compare/v2.2.0...v2.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.115.0 to 0.135.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.135.2\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Increase lower bound to \u003ccode\u003epydantic \u0026gt;=2.9.0.\u003c/code\u003e and fix the test suite. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15139\"\u003e#15139\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add missing last release notes dates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15202\"\u003e#15202\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs for contributors and team members regarding translation PRs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15200\"\u003e#15200\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15094\"\u003e#15094\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix duplicated words in docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15116\"\u003e#15116\u003c/a\u003e by \u003ca href=\"https://github.com/AhsanSheraz\"\u003e\u003ccode\u003e@​AhsanSheraz\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs for \u003ccode\u003epyproject.toml\u003c/code\u003e with \u003ccode\u003eentrypoint\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15075\"\u003e#15075\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update links in docs to no longer use the classes external-link and internal-link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15061\"\u003e#15061\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add JS and CSS handling for automatic \u003ccode\u003etarget=_blank\u003c/code\u003e for links in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15063\"\u003e#15063\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Update styles for internal and external links in new tab. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15058\"\u003e#15058\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝  Add documentation for the FastAPI VS Code extension. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15008\"\u003e#15008\u003c/a\u003e by \u003ca href=\"https://github.com/savannahostrowski\"\u003e\u003ccode\u003e@​savannahostrowski\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix doctrings for \u003ccode\u003emax_digits\u003c/code\u003e and \u003ccode\u003edecimal_places\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14944\"\u003e#14944\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15001\"\u003e#15001\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15177\"\u003e#15177\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15178\"\u003e#15178\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15176\"\u003e#15176\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15175\"\u003e#15175\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15171\"\u003e#15171\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15170\"\u003e#15170\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15172\"\u003e#15172\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15168\"\u003e#15168\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15167\"\u003e#15167\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15169\"\u003e#15169\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15165\"\u003e#15165\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15163\"\u003e#15163\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15160\"\u003e#15160\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15158\"\u003e#15158\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15157\"\u003e#15157\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15159\"\u003e#15159\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15155\"\u003e#15155\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15154\"\u003e#15154\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15156\"\u003e#15156\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-and-add). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15152\"\u003e#15152\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15153\"\u003e#15153\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Exclude spam comments from statistics in \u003ccode\u003escripts/people.py\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15088\"\u003e#15088\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.7 to 1.6.9. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15128\"\u003e#15128\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyasn1 from 0.6.2 to 0.6.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15143\"\u003e#15143\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ujson from 5.11.0 to 5.12.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15150\"\u003e#15150\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Tweak translation workflow and translation fixer tool. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15166\"\u003e#15166\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/25a3697cedc6e7dfb84e93c8ff965801486f00f4\"\u003e\u003ccode\u003e25a3697\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.135.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ab125daa4034435777853a2c5a6c47451414f9aa\"\u003e\u003ccode\u003eab125da\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/122b6d490f844b6f716855d55a3e11237b7fb61f\"\u003e\u003ccode\u003e122b6d4\u003c/code\u003e\u003c/a\u003e 📝 Add missing last release notes dates (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15202\"\u003e#15202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/68ac0ab91e9b14c418013790fc0e420a827686b5\"\u003e\u003ccode\u003e68ac0ab\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ea6e287eb398afe6a82c3ef71780e8451813f674\"\u003e\u003ccode\u003eea6e287\u003c/code\u003e\u003c/a\u003e 📝 Update docs for contributors and team members regarding translation PRs (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d0a6f208c5cb5daaa1de5ea5187729e3789d1dce\"\u003e\u003ccode\u003ed0a6f20\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/fd9e192cf4fae399c0d51dd23e2a137052eb6087\"\u003e\u003ccode\u003efd9e192\u003c/code\u003e\u003c/a\u003e 💄 Fix code blocks in reference docs overflowing table width (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15094\"\u003e#15094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/fce9460f865928eb7d0393d8809bbc472e0c21cd\"\u003e\u003ccode\u003efce9460\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/0227991a01e61bf5cdd93cc00e9e243f52b47a4a\"\u003e\u003ccode\u003e0227991\u003c/code\u003e\u003c/a\u003e 🔨 Exclude spam comments from statistics in \u003ccode\u003escripts/people.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15088\"\u003e#15088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cbd64b09a32681d3b0ea097608bc62eb0d1587e0\"\u003e\u003ccode\u003ecbd64b0\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.115.0...0.135.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psycopg2-binary` from 2.9.10 to 2.9.11\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psycopg/psycopg2/blob/master/NEWS\"\u003epsycopg2-binary's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCurrent release\u003c/h2\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.11\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAvoid a segfault passing more arguments than placeholders if Python is built\nwith assertions enabled (:ticket:\u003ccode\u003e[#1791](https://github.com/psycopg/psycopg2/issues/1791)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd riscv64 platform binary packages (:ticket:\u003ccode\u003e[#1813](https://github.com/psycopg/psycopg2/issues/1813)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 18.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.10\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13.\u003c/li\u003e\n\u003cli\u003eReceive notifications on commit (:ticket:\u003ccode\u003e[#1728](https://github.com/psycopg/psycopg2/issues/1728)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 17.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.9\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.6.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.8\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWheel package bundled with PostgreSQL 16 libpq in order to add support for\nrecent features, such as \u003ccode\u003esslcertmode\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.7\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix propagation of exceptions raised during module initialization\n(:ticket:\u003ccode\u003e[#1598](https://github.com/psycopg/psycopg2/issues/1598)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix building when pg_config returns an empty string (:ticket:\u003ccode\u003e[#1599](https://github.com/psycopg/psycopg2/issues/1599)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eWheel package bundled with OpenSSL 1.1.1v.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.6\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/fd9ae8cad2bcfc3e7e9410e7b6f07cda8f4f05ec\"\u003e\u003ccode\u003efd9ae8c\u003c/code\u003e\u003c/a\u003e chore: bump to version 2.9.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d923840546942534f0956d9202f914fd9feac5fd\"\u003e\u003ccode\u003ed923840\u003c/code\u003e\u003c/a\u003e chore: update docs requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d42dc7169d3cd93517e282e9ef5dc2a2b40650a2\"\u003e\u003ccode\u003ed42dc71\u003c/code\u003e\u003c/a\u003e Merge branch 'fix-1791'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4fde6560c32f06ad1304404c9f7f86148dcc4be0\"\u003e\u003ccode\u003e4fde656\u003c/code\u003e\u003c/a\u003e fix: avoid failed assert passing more arguments than placeholders\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/8308c19d6af0d904b313997539ed33415990a74e\"\u003e\u003ccode\u003e8308c19\u003c/code\u003e\u003c/a\u003e fix: drop warning about the use of deprecated PyWeakref_GetObject function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1a1eabf098a3374409bb2ab4b594777b900f396d\"\u003e\u003ccode\u003e1a1eabf\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 7 to 8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/897af8b38beda851d7257dfc525129e37c0ec9e0\"\u003e\u003ccode\u003e897af8b\u003c/code\u003e\u003c/a\u003e build(deps): bump peter-evans/repository-dispatch from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/ceefd305117113ca10e383a626e87ba0796f3638\"\u003e\u003ccode\u003eceefd30\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 4 to 5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4dc585430cabe94cee96c5a9de0265d0f55370f1\"\u003e\u003ccode\u003e4dc5854\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/setup-python from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1945788dcf6172bb1b9328ebc3587ccf0e6a659c\"\u003e\u003ccode\u003e1945788\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg2/issues/1802\"\u003e#1802\u003c/a\u003e from edgarrmondragon/cp314-wheels\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psycopg/psycopg2/compare/2.9.10...2.9.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.2 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.2...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.6.1 to 2.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Deterministic alias selection when using validate_by_name by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/707\"\u003epydantic/pydantic-settings#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd deep merge functionality to config file sources by \u003ca href=\"https://github.com/pmeier\"\u003e\u003ccode\u003e@​pmeier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/698\"\u003epydantic/pydantic-settings#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for AWS Secrets Manager VersionId parameter by \u003ca href=\"https://github.com/jcyamacho\"\u003e\u003ccode\u003e@​jcyamacho\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/708\"\u003epydantic/pydantic-settings#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebugfix: Return \u003ccode\u003eNone\u003c/code\u003e for inaccessible GCP Secret Manager secrets by \u003ca href=\"https://github.com/zaphod72\"\u003e\u003ccode\u003e@​zaphod72\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/712\"\u003epydantic/pydantic-settings#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBugfix for cli_kebab_case=\u0026quot;all\u0026quot; and CliImplicitFlag[bool] by \u003ca href=\"https://github.com/Digity101\"\u003e\u003ccode\u003e@​Digity101\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/702\"\u003epydantic/pydantic-settings#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUnpack type alisases when looking for \u003ccode\u003eNoDecode\u003c/code\u003e by \u003ca href=\"https://github.com/tselepakis\"\u003e\u003ccode\u003e@​tselepakis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/695\"\u003epydantic/pydantic-settings#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCliToggleFlag and CliDualFlag by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https...\n\n_Description has been truncated_","html_url":"https://github.com/smario-7/zebrapoint/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smario-7%2Fzebrapoint/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"},{"uuid":"4166384738","node_id":"PR_kwDOQnJBfs7Oc6uZ","number":524,"state":"open","title":"chore(deps): bump ecdsa from 0.19.1 to 0.19.2 in /backend","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-30T01:30:09.000Z","updated_at":"2026-03-30T01:32:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"}],"path":"/backend","ecosystem":"pip"},"body":"Bumps [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) from 0.19.1 to 0.19.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ecdsa\u0026package-manager=pip\u0026previous-version=0.19.1\u0026new-version=0.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/BrightonDube/BizPilot2/pull/524","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrightonDube%2FBizPilot2/issues/524","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/524/packages"},{"uuid":"4162490030","node_id":"PR_kwDOQNDrGs7OV_N9","number":317,"state":"open","title":"Bump the pip group across 3 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","python","compliance:pass"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-29T04:27:04.000Z","updated_at":"2026-03-29T04:27:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":3,"packages":[{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 3 updates in the / directory: [cryptography](https://github.com/pyca/cryptography), [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) and [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /client directory: [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 2 updates in the /server directory: [cryptography](https://github.com/pyca/cryptography) and [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).\n\nUpdates `cryptography` from 46.0.5 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kumpeapps/managed-nebula/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kumpeapps/managed-nebula/pull/317","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kumpeapps%2Fmanaged-nebula/issues/317","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/317/packages"}],"issue_packages":[{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":"/backend","pr_created_at":"2026-05-25T19:58:38.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4519233848","node_id":"PR_kwDOOKEvLM7fJ9DU","number":50,"state":"closed","title":"Bump ecdsa from 0.19.1 to 0.19.2 in /backend","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-25T20:02:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T19:58:38.000Z","updated_at":"2026-05-25T20:02:13.000Z","time_to_close":207,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"}],"path":"/backend","ecosystem":"pip"},"body":"Bumps [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) from 0.19.1 to 0.19.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ecdsa\u0026package-manager=pip\u0026previous-version=0.19.1\u0026new-version=0.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/PaulaMagdi0/Task-And-Project-Management-System/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/PaulaMagdi0/Task-And-Project-Management-System/pull/50","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PaulaMagdi0%2FTask-And-Project-Management-System/issues/50","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/50/packages"}},{"old_version":"0.19.0","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-05-21T00:35:58.000Z","version_change":"0.19.0 → 0.19.2","issue":{"uuid":"4490809265","node_id":"PR_kwDOOMKlh87dvpUg","number":7,"state":"closed","title":"Bump the pip group across 2 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T22:52:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T00:35:58.000Z","updated_at":"2026-05-28T22:52:57.000Z","time_to_close":685017,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":22,"packages":[{"name":"flask-cors","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/corydolphin/flask-cors"},{"name":"lxml","old_version":"5.3.1","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"eventlet","old_version":"0.39.0","new_version":"0.41.0","repository_url":"https://github.com/eventlet/eventlet"},{"name":"setuptools","old_version":"58.5.3","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"wheel","old_version":"0.45.0","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"},{"name":"pymongo","old_version":"4.3.3","new_version":"4.6.3","repository_url":"https://github.com/mongodb/mongo-python-driver"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"poetry","old_version":"2.0.0","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"twisted","old_version":"24.3.0","new_version":"26.4.0rc2","repository_url":"https://github.com/twisted/twisted"},{"name":"cryptography","old_version":"44.0.2","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"werkzeug","old_version":"2.3.7","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"filelock","old_version":"3.17.0","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"5.29.3","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"virtualenv","old_version":"20.29.2","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `5.0.0` | `6.0.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.1` | `6.1.0` |\n| [eventlet](https://github.com/eventlet/eventlet) | `0.39.0` | `0.41.0` |\n| [setuptools](https://github.com/pypa/setuptools) | `58.5.3` | `78.1.1` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.0` | `0.46.2` |\n| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.3.3` | `4.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.0.0` | `2.3.4` |\n| [twisted](https://github.com/twisted/twisted) | `24.3.0` | `26.4.0rc2` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.2` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.3.7` | `3.1.6` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.17.0` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.2` | `20.36.1` |\n\nBumps the pip group with 4 updates in the /buildscripts/cost_model directory: [pymongo](https://github.com/mongodb/mongo-python-driver), [fonttools](https://github.com/fonttools/fonttools), [pillow](https://github.com/python-pillow/Pillow) and [scikit-learn](https://github.com/scikit-learn/scikit-learn).\n\nUpdates `flask-cors` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/corydolphin/flask-cors/releases\"\u003eflask-cors's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking\u003c/h2\u003e\n\u003cp\u003ePath specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6839] Sort Paths by Regex Specificity by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/391\"\u003ecorydolphin/flask-cors#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/389\"\u003ecorydolphin/flask-cors#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6866] Case Sensitive Request Path Matching by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/390\"\u003ecorydolphin/flask-cors#390\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis primarily changes packaging to use uv and a new release pipeline, along with some small documentation improvements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Docs] Fix links to documentation by \u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix minor typos by \u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate packaging and environment management to use uv by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/377\"\u003ecorydolphin/flask-cors#377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix release pipeline by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/378\"\u003ecorydolphin/flask-cors#378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlways use trusted publishing by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/379\"\u003ecorydolphin/flask-cors#379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWorkaround license publishing issue by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/380\"\u003ecorydolphin/flask-cors#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix packaging: missing source files by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/381\"\u003ecorydolphin/flask-cors#381\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/35d875319621bd129a38b2b823abf4a2f6cda536\"\u003e\u003ccode\u003e35d8753\u003c/code\u003e\u003c/a\u003e [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote for paths (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f\"\u003e\u003ccode\u003ee970988\u003c/code\u003e\u003c/a\u003e [CVE-2024-6839] Sort Paths by Regex Specificity (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb39516a3c96b90d0ae5f51293972395ec3ef358\"\u003e\u003ccode\u003eeb39516\u003c/code\u003e\u003c/a\u003e [CVE-2024-6866] Case Sensitive Request Path Matching (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/5da9be479b4fb203816bca9eb0cfb7add5eeceb5\"\u003e\u003ccode\u003e5da9be4\u003c/code\u003e\u003c/a\u003e Fix packaging: missing source files (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/381\"\u003e#381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/65a51321e1be9a4320b39f67db5e63553cd8138b\"\u003e\u003ccode\u003e65a5132\u003c/code\u003e\u003c/a\u003e Workaround license publishing issue (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/7127e7e3914083fbe4ebd8f7ef9b3ae0e8459daa\"\u003e\u003ccode\u003e7127e7e\u003c/code\u003e\u003c/a\u003e Always use trusted publishing (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/379\"\u003e#379\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/01e2e68268f7fdb4ed7309a655986b85c9066a67\"\u003e\u003ccode\u003e01e2e68\u003c/code\u003e\u003c/a\u003e Fix release pipeline (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/378\"\u003e#378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/ade65a16524c628747aecaaa73c1d615501974b2\"\u003e\u003ccode\u003eade65a1\u003c/code\u003e\u003c/a\u003e Major Packaging Refactor: migrate to uv (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/377\"\u003e#377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb44bffc76f49e5bb8692e96a37e11ebee070cf0\"\u003e\u003ccode\u003eeb44bff\u003c/code\u003e\u003c/a\u003e fix: typos (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/371\"\u003e#371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/1225e7806156de61f343928c227e32bbff44059e\"\u003e\u003ccode\u003e1225e78\u003c/code\u003e\u003c/a\u003e replace documentation links in README (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/369\"\u003e#369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...6.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 5.3.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/releases\"\u003elxml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elxml-6.1.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.4.0\u003c/h2\u003e\n\u003ch1\u003e5.4.0 (2025-04-22)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.\n(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)\nIssue found by Anatoly Katyushin, see \u003ca href=\"https://bugs.launchpad.net/lxml/+bug/2107279\"\u003ehttps://bugs.launchpad.net/lxml/+bug/2107279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elxml-5.3.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-5.3.1...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eventlet` from 0.39.0 to 0.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eventlet/eventlet/blob/master/NEWS\"\u003eeventlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.41.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to 3.14 for testing (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMore visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.4\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.3\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY] Fix request smuggling vulnerability by discarding trailers (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1062\"\u003e#1062\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.2\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix compatibility issues identified with Python 3.14 on Linux (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1058\"\u003e#1058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake database removal safer with IF EXISTS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1056\"\u003e#1056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrepare jobs and CI/CD for python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1055\"\u003e#1055\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.1\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] \u0026quot;Fix\u0026quot; fork() so it \u0026quot;works\u0026quot; on Python 3.13, and \u0026quot;works\u0026quot; better on older Python versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1047\"\u003e#1047\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eBehavior change: threads created by eventlet.green.threading.Thread and threading.Thead will be visible across both modules if monkey patching was used. Previously each module would only list threads created in that module.\u003c/li\u003e\n\u003cli\u003eBug fix: after fork(), greenlet threads are correctly listed in threading.enumerate() if monkey patching was used. You should not use fork()-without-execve().\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[fix] Fix patching of removed URLopener class in Python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] ReferenceError except while count rlock (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.utcfromtimestamp (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1050\"\u003e#1050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix][env] Remove duplicate steps (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.datetime.utcnow (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Fix ssl test when linking against openssl 3.5 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1034\"\u003e#1034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support Python 3.8 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1021\"\u003e#1021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[doc] Various doc updates (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/981\"\u003e#981\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1033\"\u003e#1033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[env] Drop PyPy support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1035\"\u003e#1035\u003c/a\u003e \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1037\"\u003e#1037\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.39.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/5ec4b6dcd2e5bb41c63743bd59dedbce4a9c5381\"\u003e\u003ccode\u003e5ec4b6d\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.41.0 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/6de7dbbd71585e34ccbec99d220606febb286bb8\"\u003e\u003ccode\u003e6de7dbb\u003c/code\u003e\u003c/a\u003e Switch to 3.14 for testing, fix problems found along the way. (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1ea81d9fbf12ce62a818ff9125ca14593c5506a7\"\u003e\u003ccode\u003e1ea81d9\u003c/code\u003e\u003c/a\u003e Drop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/62662af7002b531bed608c7dd73d81943ff638c9\"\u003e\u003ccode\u003e62662af\u003c/code\u003e\u003c/a\u003e More visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/f3254a1b401714f6dfdffa5045d25a4d36c76c06\"\u003e\u003ccode\u003ef3254a1\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.40.4 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/8cb20296f3455a1836cdbcbf1d3545666ee7f867\"\u003e\u003ccode\u003e8cb2029\u003c/code\u003e\u003c/a\u003e Remove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/220f82d843c0a57c267e77f0cc437e0b43be1cca\"\u003e\u003ccode\u003e220f82d\u003c/code\u003e\u003c/a\u003e add 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/01a3da5f9b552c7d58eb6de829d33f522d4b04cf\"\u003e\u003ccode\u003e01a3da5\u003c/code\u003e\u003c/a\u003e Emit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1b2b959da1257dccd23956fda43d03dc6a28ca16\"\u003e\u003ccode\u003e1b2b959\u003c/code\u003e\u003c/a\u003e Fix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/d8bf4659cd8b178949cc2b1485b337d46bae6532\"\u003e\u003ccode\u003ed8bf465\u003c/code\u003e\u003c/a\u003e Workaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eventlet/eventlet/compare/0.39.0...0.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `setuptools` from 58.5.3 to 78.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/setuptools/blob/main/NEWS.rst\"\u003esetuptools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev78.1.1\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMore fully sanitized the filename in PackageIndex._download. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4946\"\u003e#4946\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.1.0\u003c/h1\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore access to _get_vc_env with a warning. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4874\"\u003e#4874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.2\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePostponed removals of deprecated dash-separated and uppercase fields in \u003ccode\u003esetup.cfg\u003c/code\u003e.\nAll packages with deprecated configurations are advised to move before 2026. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.1\u003c/h1\u003e\n\u003ch2\u003eMisc\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4909\"\u003e#4909\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.0\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverted distutils changes that broke the monkey patching of command classes. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4902\"\u003e#4902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSetuptools no longer accepts options containing uppercase or dash characters in \u003ccode\u003esetup.cfg\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df\"\u003e\u003ccode\u003e8e4868a\u003c/code\u003e\u003c/a\u003e Bump version: 78.1.0 → 78.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09\"\u003e\u003ccode\u003e100e9a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4951\"\u003e#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f\"\u003e\u003ccode\u003e8faf1d7\u003c/code\u003e\u003c/a\u003e Add news fragment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7\"\u003e\u003ccode\u003e2ca4a9f\u003c/code\u003e\u003c/a\u003e Rely on re.sub to perform the decision in one expression.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c\"\u003e\u003ccode\u003ee409e80\u003c/code\u003e\u003c/a\u003e Extract _sanitize method for sanitizing the filename.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b\"\u003e\u003ccode\u003e250a6d1\u003c/code\u003e\u003c/a\u003e Add a check to ensure the name resolves relative to the tmpdir.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a\"\u003e\u003ccode\u003ed8390fe\u003c/code\u003e\u003c/a\u003e Extract _resolve_download_filename with test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba\"\u003e\u003ccode\u003e4e1e893\u003c/code\u003e\u003c/a\u003e Merge \u003ca href=\"https://github.com/jaraco/skeleton\"\u003ehttps://github.com/jaraco/skeleton\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a\"\u003e\u003ccode\u003e3a3144f\u003c/code\u003e\u003c/a\u003e Fix typo: \u003ccode\u003epyproject.license\u003c/code\u003e -\u0026gt; \u003ccode\u003eproject.license\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f\"\u003e\u003ccode\u003ed751068\u003c/code\u003e\u003c/a\u003e Fix typo: pyproject.license -\u0026gt; project.license\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/setuptools/compare/v58.5.3...v78.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.45.0 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point. The \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to \u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's imported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description field\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.47.0 (2026-04-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ewheel info\u003c/code\u003e subcommand to display metadata about wheel files without\nunpacking them (\u003ccode\u003e[#639](https://github.com/pypa/wheel/issues/639) \u0026lt;https://github.com/pypa/wheel/issues/639\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eWheelFile\u003c/code\u003e raising \u003ccode\u003eMissing RECORD file\u003c/code\u003e when the wheel filename contains\nuppercase characters (e.g. \u003ccode\u003eDjango-3.2.5.whl\u003c/code\u003e) but the \u003ccode\u003e.dist-info\u003c/code\u003e directory\ninside uses normalized lowercase naming\n(\u003ccode\u003e[#411](https://github.com/pypa/wheel/issues/411) \u0026lt;https://github.com/pypa/wheel/issues/411\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description\nfield\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.1 (2024-11-23)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in\nthe file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b\"\u003e\u003ccode\u003eeba4036\u003c/code\u003e\u003c/a\u003e Updated the version number for v0.46.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf\"\u003e\u003ccode\u003e557fb54\u003c/code\u003e\u003c/a\u003e Created a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef\"\u003e\u003ccode\u003e7a7d2de\u003c/code\u003e\u003c/a\u003e Fixed security issue around wheel unpack (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66\"\u003e\u003ccode\u003e41418fa\u003c/code\u003e\u003c/a\u003e Fixed test failures due to metadata normalization changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14\"\u003e\u003ccode\u003ec1d442b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d\"\u003e\u003ccode\u003e0bac882\u003c/code\u003e\u003c/a\u003e Update github actions environments (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63\"\u003e\u003ccode\u003ebe9f45b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3\"\u003e\u003ccode\u003e6244f08\u003c/code\u003e\u003c/a\u003e Update pre-commit ruff legacy alias (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f\"\u003e\u003ccode\u003e15b7577\u003c/code\u003e\u003c/a\u003e PEP 639 compliance (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f\"\u003e\u003ccode\u003efc8cb41\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Removed redundant Python version from the publish workflow (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/666\"\u003e#666\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/wheel/compare/0.45.0...0.46.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymongo` from 4.3.3 to 4.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/releases\"\u003epymongo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePyMongo 4.6.3\u003c/h2\u003e\n\u003cp\u003eCommunity notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.2\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.5.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0b0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst\"\u003epymongo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in Version 4.6.3 (2024/03/27)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.3 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a potential memory access violation when decoding invalid bson.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.3 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.3 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.2 (2024/02/21)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.2 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug appearing in Python 3.12 where \u0026quot;RuntimeError: can't create new thread at interpreter shutdown\u0026quot;\ncould be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.2 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.2 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.1 (2023/11/29)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.1 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003e errors re-raise exception when 0 or NoneType error code is provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.1 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.1 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.0 (2023/11/01)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6 brings a number of improvements including:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/8da192f9ca2d4f6464897b22b3029c227043f0cb\"\u003e\u003ccode\u003e8da192f\u003c/code\u003e\u003c/a\u003e BUMP 4.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2\"\u003e\u003ccode\u003e56b6b6d\u003c/code\u003e\u003c/a\u003e PYTHON-4305 Fix bson size check (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1564\"\u003e#1564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/449d0f316cbcdea59d8b69b5e4fc34ac07949dc6\"\u003e\u003ccode\u003e449d0f3\u003c/code\u003e\u003c/a\u003e BUMP to 4.6.3.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/e04576de22c06a4609b16db0f6e10e86ad5c8dad\"\u003e\u003ccode\u003ee04576d\u003c/code\u003e\u003c/a\u003e DEVPROD-3871 Use teardown_task when there is one function/command (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/cf1c6a11f76861fd6150b0df79a7ed70f2b2fea5\"\u003e\u003ccode\u003ecf1c6a1\u003c/code\u003e\u003c/a\u003e PYTHON-4219 Prep for 4.6.2 Release (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1530\"\u003e#1530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/d29b2b7cf405901a801591e475574b63aa81ac5c\"\u003e\u003ccode\u003ed29b2b7\u003c/code\u003e\u003c/a\u003e PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/0477b9bc0c59de311fbb6d6a157b97a4af8d0a23\"\u003e\u003ccode\u003e0477b9b\u003c/code\u003e\u003c/a\u003e PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/ecad17d24e8aafa374ab5fd194ce79b6861efcad\"\u003e\u003ccode\u003eecad17d\u003c/code\u003e\u003c/a\u003e BUMP 4.6.2.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/485e0a5e56f2d524b5cbc31538a0c455e3ddd858\"\u003e\u003ccode\u003e485e0a5\u003c/code\u003e\u003c/a\u003e BUMP 4.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/995365c7128c3107b4f9ce1524220378176a3a96\"\u003e\u003ccode\u003e995365c\u003c/code\u003e\u003c/a\u003e PYTHON-4038 [v4.6]: Ensure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003es re-raise except...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mongodb/mongo-python-driver/compare/4.3.3...4.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `poetry` from 2.0.0 to 2.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/releases\"\u003epoetry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Windows Server (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/911\"\u003e#911\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md\"\u003epoetry's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.3.4] - 2026-04-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.3] - 2026-03-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.2] - 2026-02-01\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/7c7af71ba206dadd2ff7eda19b9a4c90c4349754\"\u003e\u003ccode\u003e7c7af71\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e512e7fc5557251c7c9c59d0029506e77db1ea18\"\u003e\u003ccode\u003ee512e7f\u003c/code\u003e\u003c/a\u003e fix: refuse to write files outside the target directory during sdist extracti...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/506c09db69a127f6fc2c54958d4f5fdc0ea378cc\"\u003e\u003ccode\u003e506c09d\u003c/code\u003e\u003c/a\u003e perf: use \u003ccode\u003eos.path.abspath()\u003c/code\u003e instead of \u003ccode\u003ePath.resolve()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10821\"\u003e#10821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/3d0151ac03b5286e557ed1518b815ad225d52cb0\"\u003e\u003ccode\u003e3d0151a\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/89f09aad49ed7e6223ea2b8ebdf941e87bb5d5c6\"\u003e\u003ccode\u003e89f09aa\u003c/code\u003e\u003c/a\u003e fix long path issue on Windows (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10794\"\u003e#10794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e068177d1bfef65de4c55cf71c36de27057f10e7\"\u003e\u003ccode\u003ee068177\u003c/code\u003e\u003c/a\u003e installer: fix path traversal (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10792\"\u003e#10792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d76a2f67641ef1499065bdc8a0246448cbcf781c\"\u003e\u003ccode\u003ed76a2f6\u003c/code\u003e\u003c/a\u003e chore: require new poetry-core version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10790\"\u003e#10790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/859d4439f2caf147010330beae1ad61274f009d4\"\u003e\u003ccode\u003e859d443\u003c/code\u003e\u003c/a\u003e Update init \u0026amp; new commands for PEP 639 (License) (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10787\"\u003e#10787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/2ff2845af03539c98d2279b46074c908594427c4\"\u003e\u003ccode\u003e2ff2845\u003c/code\u003e\u003c/a\u003e fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/286e43bba52ba60205e1e5c9a401019b45226bbe\"\u003e\u003ccode\u003e286e43b\u003c/code\u003e\u003c/a\u003e env: improve error handling if \u003ccode\u003e.venv\u003c/code\u003e is not a directory but a file (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/poetry/compare/2.0.0...2.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `twisted` from 24.3.0 to 26.4.0rc2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/releases\"\u003etwisted's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eTwisted 26.4.0rc2 (2026-04-29)\u003c/h1\u003e\n\u003cp\u003eThis is the last release with support for Python 3.9.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression.\nReported and fixed by Tomas Illuminati Balbin CVE-2026-42304 (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12626\"\u003e#12626\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.endpoints.serverFromString now supports the \u003ccode\u003etls\u003c/code\u003e endpoint\ntype, which allows you to do \u003ccode\u003etwist web\r --listen=tls:.../certbot-dir/config/live\u003c/code\u003e pointed at a certbot live\nconfiguration directory and have your certbot certificates automatically\ndiscovered and served appropriately. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9885\"\u003e#9885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.reactor\u003c/code\u003e now has type annotations and will appear to be an object of an appropriate type, allowing for idiomatic common usages with correct type information. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9909\"\u003e#9909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.conch.ssh.SSHUserAuthServer now supports the security key ssh types \u0026quot;\u003ca href=\"mailto:sk-ecdsa-sha2-nistp256@openssh.com\"\u003esk-ecdsa-sha2-nistp256@openssh.com\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"mailto:sk-ssh-ed25519@openssh.com\"\u003esk-ssh-ed25519@openssh.com\u003c/a\u003e\u0026quot; and extracting the \u003ccode\u003eapplication\u003c/code\u003e property from these new key types. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12212\"\u003e#12212\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.mail will now return a meaningful Failure when TLS validation fails. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10210\"\u003e#10210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTLS version range constraints passed to twisted.internet.ssl.CertificateOptions are now properly respected rather than excluding the version being passed as the desired constraint. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10232\"\u003e#10232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA potential reference cycle that might cause intermittent memory spikes while\nusing twisted.internet.defer.inlineCallbacks was removed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12120\"\u003e#12120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrial no longer emits the error \u003ccode\u003eRuntimeWarning: TestResult has no addDuration method\u003c/code\u003e when running PyUnit tests. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12229\"\u003e#12229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.python.rebuild.rebuild() now handles changes to \u003ccode\u003esys.modules\u003c/code\u003e gracefully. Prior to the change, it could possibly raise a \u0026quot;dictionary changed size during iteration\u0026quot; error if the module list changed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12458\"\u003e#12458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.protocol.ReconnectingClientFactory: Don't multiply by \u003ccode\u003efactor\u003c/code\u003e for initial delay, but use \u003ccode\u003einitialDelay\u003c/code\u003e directly. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12478\"\u003e#12478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.ssl and twisted.protocols.tls no longer mutate the pyOpenSSL context after creating pyOpenSSL connections, maintaining compatibility with an upcoming version of pyOpenSSL and increasing reliability (possibly even fixing a very rare segfault) (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12500\"\u003e#12500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.testing.MemoryReactor.callWhenRunning\u003c/code\u003e now invokes the callback immediately, if already started. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12514\"\u003e#12514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTwisted now correctly detects EOF on OpenSSL 4. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12632\"\u003e#12632\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe example code from the documentation describing how to create a custom DNS server was updated to Python3. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eType annotations now use modern PEP 585 built-in generics and PEP 604 union syntax throughout the project. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12556\"\u003e#12556\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/blob/trunk/NEWS.rst\"\u003etwisted's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThis file contains the release notes for Twisted.\u003c/p\u003e\n\u003cp\u003eIt only contains high-level changes that are of interest to Twisted library users.\nUsers of Twisted should check the notes before planning an upgrade.\u003c/p\u003e\n\u003cp\u003eTicket numbers in this file can be looked up by visiting\n\u003ca href=\"https://twisted.org/trac/ticket/\"\u003ehttps://twisted.org/trac/ticket/\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003e.. towncrier release notes start\u003c/p\u003e\n\u003ch1\u003eTwis...\n\n_Description has been truncated_","html_url":"https://github.com/Jackblanket847/mongo/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jackblanket847%2Fmongo/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"0.19.0","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-05-14T22:02:22.000Z","version_change":"0.19.0 → 0.19.2","issue":{"uuid":"4449631361","node_id":"PR_kwDOKdDCc87bsy8f","number":24734,"state":"closed","title":"build(deps): bump the uv group across 2 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-14T22:02:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T22:02:22.000Z","updated_at":"2026-05-14T22:02:37.000Z","time_to_close":6,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":17,"packages":[{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"authlib","old_version":"1.6.10","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"anthropic","old_version":"0.86.0","new_version":"0.87.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-text-splitters","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"pypdf","old_version":"6.7.5","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"nltk","old_version":"3.9.3","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.1.1","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pytest","old_version":"8.3.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.12` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the uv group with 8 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.12` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n\n\nUpdates `python-multipart` from 0.0.22 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.10 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.86.0 to 0.87.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.87.0\u003c/h2\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/ab0c4460a170183ff036e2a3dad320ac4ac2c76d\"\u003e\u003ccode\u003eab0c446\u003c/code\u003e\u003c/a\u003e release: 0.87.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6\"\u003e\u003ccode\u003e6599043\u003c/code\u003e\u003c/a\u003e fix(memory): return resolved path from async _validate_path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255\"\u003e\u003ccode\u003e715030c\u003c/code\u003e\u003c/a\u003e fix(memory): use restrictive file mode for memory files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6cdbc5f37105e464704d911ef590b88c7e5ae427\"\u003e\u003ccode\u003e6cdbc5f\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4beda3cc966b49166387aa9275cec8f88b004154\"\u003e\u003ccode\u003e4beda3c\u003c/code\u003e\u003c/a\u003e Add output-300k-2026-03-24 beta header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b77b826ce402881bcb2a43092e758368fccc99a\"\u003e\u003ccode\u003e3b77b82\u003c/code\u003e\u003c/a\u003e chore(ci): run builds on CI even if only spec metadata changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/764ddbab9bcd6c4e076bf2618d4930e5b39cfb7c\"\u003e\u003ccode\u003e764ddba\u003c/code\u003e\u003c/a\u003e feat(internal): implement indices array format for query and form serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8a06a905bb89bf8126e552d951270fe90869bc1d\"\u003e\u003ccode\u003e8a06a90\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7f8cf3c4c0c7a601847538364f6eccf00e72a2c4\"\u003e\u003ccode\u003e7f8cf3c\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0eba0dd8f9590254b91eaadb79e44b792d56d85b\"\u003e\u003ccode\u003e0eba0dd\u003c/code\u003e\u003c/a\u003e chore(ci): skip lint on metadata-only changes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.1.1...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.7.5 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.3 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.3...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.1.1 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/open-webui/open-webui/pull/24734","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-webui%2Fopen-webui/issues/24734","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24734/packages"}},{"old_version":"0.19.0","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-05-06T21:23:56.000Z","version_change":"0.19.0 → 0.19.2","issue":{"uuid":"4394535477","node_id":"PR_kwDOKdDCc87Y7cG-","number":24422,"state":"closed","title":"Bump the uv group across 2 directories with 23 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-05-06T21:24:02.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T21:23:56.000Z","updated_at":"2026-05-06T21:24:12.000Z","time_to_close":6,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":23,"packages":[{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"authlib","old_version":"1.6.10","new_version":"1.6.11","repository_url":"https://github.com/authlib/authlib"},{"name":"anthropic","old_version":"0.86.0","new_version":"0.87.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-text-splitters","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"pypdf","old_version":"6.7.5","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"nltk","old_version":"3.9.3","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.1.1","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pytest","old_version":"8.3.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"flask","old_version":"3.1.0","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"langsmith","old_version":"0.4.5","new_version":"0.7.31","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"marshmallow","old_version":"3.25.1","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.11` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.5` | `0.7.31` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.25.1` | `3.26.2` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` |\n\nBumps the uv group with 8 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.11` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n\n\nUpdates `python-multipart` from 0.0.22 to 0.0.26\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d3a4698e0dc16cbd85f98076b2ebf9b696cd3604\"\u003e\u003ccode\u003ed3a4698\u003c/code\u003e\u003c/a\u003e Add MIME content type info to File (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a1ecbd074801fcd3911266f3f4442181d10ab92\"\u003e\u003ccode\u003e9a1ecbd\u003c/code\u003e\u003c/a\u003e Handle CTE values case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/ef2a0b94f95676ea6a7b77d2252b09f5797cb8ed\"\u003e\u003ccode\u003eef2a0b9\u003c/code\u003e\u003c/a\u003e Remove custom FormParser classes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3a757d7cf209e654eb17cf7b7af868eed469f680\"\u003e\u003ccode\u003e3a757d7\u003c/code\u003e\u003c/a\u003e Ignore local Claude state (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/55e739617db7c40e2cd04c5ad8c7acf2ed0a1d19\"\u003e\u003ccode\u003e55e7396\u003c/code\u003e\u003c/a\u003e fuzz: Add cifuzz (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d6d1d111e7de9ce3d3f8623fe5f5e4201c0a5fd1\"\u003e\u003ccode\u003ed6d1d11\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.26\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.10 to 1.6.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/v1.6.11/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.86.0 to 0.87.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.87.0\u003c/h2\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/ab0c4460a170183ff036e2a3dad320ac4ac2c76d\"\u003e\u003ccode\u003eab0c446\u003c/code\u003e\u003c/a\u003e release: 0.87.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6\"\u003e\u003ccode\u003e6599043\u003c/code\u003e\u003c/a\u003e fix(memory): return resolved path from async _validate_path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255\"\u003e\u003ccode\u003e715030c\u003c/code\u003e\u003c/a\u003e fix(memory): use restrictive file mode for memory files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6cdbc5f37105e464704d911ef590b88c7e5ae427\"\u003e\u003ccode\u003e6cdbc5f\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4beda3cc966b49166387aa9275cec8f88b004154\"\u003e\u003ccode\u003e4beda3c\u003c/code\u003e\u003c/a\u003e Add output-300k-2026-03-24 beta header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b77b826ce402881bcb2a43092e758368fccc99a\"\u003e\u003ccode\u003e3b77b82\u003c/code\u003e\u003c/a\u003e chore(ci): run builds on CI even if only spec metadata changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/764ddbab9bcd6c4e076bf2618d4930e5b39cfb7c\"\u003e\u003ccode\u003e764ddba\u003c/code\u003e\u003c/a\u003e feat(internal): implement indices array format for query and form serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8a06a905bb89bf8126e552d951270fe90869bc1d\"\u003e\u003ccode\u003e8a06a90\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7f8cf3c4c0c7a601847538364f6eccf00e72a2c4\"\u003e\u003ccode\u003e7f8cf3c\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0eba0dd8f9590254b91eaadb79e44b792d56d85b\"\u003e\u003ccode\u003e0eba0dd\u003c/code\u003e\u003c/a\u003e chore(ci): skip lint on metadata-only changes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.1.1...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.7.5 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.3 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.3...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.1.1 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.0 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eecdsa 0.19.1\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implicit\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decodi...\n\n_Description has been truncated_","html_url":"https://github.com/open-webui/open-webui/pull/24422","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-webui%2Fopen-webui/issues/24422","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24422/packages"}},{"old_version":"0.19.0","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-05-04T22:16:58.000Z","version_change":"0.19.0 → 0.19.2","issue":{"uuid":"4380044463","node_id":"PR_kwDOKdDCc87YL-T1","number":24366,"state":"closed","title":"Bump the uv group across 2 directories with 24 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-04T22:17:03.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-04T22:16:58.000Z","updated_at":"2026-05-04T22:17:12.000Z","time_to_close":5,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":24,"packages":[{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"authlib","old_version":"1.6.10","new_version":"1.6.11","repository_url":"https://github.com/authlib/authlib"},{"name":"anthropic","old_version":"0.86.0","new_version":"0.87.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-text-splitters","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"pypdf","old_version":"6.7.5","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"nltk","old_version":"3.9.3","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.1.1","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pytest","old_version":"8.3.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"flask","old_version":"3.1.0","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"langsmith","old_version":"0.4.5","new_version":"0.7.31","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"marshmallow","old_version":"3.25.1","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"torch","old_version":"2.5.1","new_version":"2.8.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.11` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `9.0.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.5` | `0.7.31` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.25.1` | `3.26.2` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.8.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` |\n\nBumps the uv group with 8 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.10` | `1.6.11` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.86.0` | `0.87.0` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.1` | `1.1.2` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.7.5` | `6.10.2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.3` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n\n\nUpdates `python-multipart` from 0.0.22 to 0.0.26\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d3a4698e0dc16cbd85f98076b2ebf9b696cd3604\"\u003e\u003ccode\u003ed3a4698\u003c/code\u003e\u003c/a\u003e Add MIME content type info to File (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a1ecbd074801fcd3911266f3f4442181d10ab92\"\u003e\u003ccode\u003e9a1ecbd\u003c/code\u003e\u003c/a\u003e Handle CTE values case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/ef2a0b94f95676ea6a7b77d2252b09f5797cb8ed\"\u003e\u003ccode\u003eef2a0b9\u003c/code\u003e\u003c/a\u003e Remove custom FormParser classes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3a757d7cf209e654eb17cf7b7af868eed469f680\"\u003e\u003ccode\u003e3a757d7\u003c/code\u003e\u003c/a\u003e Ignore local Claude state (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/55e739617db7c40e2cd04c5ad8c7acf2ed0a1d19\"\u003e\u003ccode\u003e55e7396\u003c/code\u003e\u003c/a\u003e fuzz: Add cifuzz (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d6d1d111e7de9ce3d3f8623fe5f5e4201c0a5fd1\"\u003e\u003ccode\u003ed6d1d11\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.26\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.10 to 1.6.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/v1.6.11/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.86.0 to 0.87.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.87.0\u003c/h2\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.87.0 (2026-03-31)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ev0.86.0...v0.87.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add error type field to APIStatusError (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1587\"\u003e#1587\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/dd563c031c2a0be75ccb6175246685abd5806d7d\"\u003edd563c0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e implement indices array format for query and form serialization (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/11a624467bd44175bc602f0135ff354895bdebdd\"\u003e11a6244\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehonor \u003cstrong\u003eapi_exclude\u003c/strong\u003e in async transform path (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1612\"\u003e#1612\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8172232a8bb19e0d0bf10df1c3c21ed492784585\"\u003e8172232\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1610\"\u003e#1610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e return resolved path from async _validate_path (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b0add32bd5fc59ad0fa277ef6982ee1df1eed7a\"\u003e7b0add3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ememory:\u003c/strong\u003e use restrictive file mode for memory files (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/47ba5b8f5f74beb1e1babef249754e1312b9dddf\"\u003e47ba5b8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize endpoint path params (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/98f60e42039392a133d83c8673d659f514c15a35\"\u003e98f60e4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e support enums (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1275\"\u003e#1275\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5c088ab1d162b1c1a18f566688b31bfbd7610825\"\u003e5c088ab\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e run builds on CI even if only spec metadata changed (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/194c05029403cef820897c3c6b2c26d4df0736f7\"\u003e194c050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eci:\u003c/strong\u003e skip lint on metadata-only changes (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/03e2ab9e95ec452d7d519e0b419c8881f3ae3a08\"\u003e03e2ab9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update gitignore (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94ede14b443c78b51931c185d1cd44f4ef201eae\"\u003e94ede14\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.4 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/2d6d58fa0101930c8f5cd9e9a94e7e988055f371\"\u003e2d6d58f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.5 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fb439afeadaf608cbf7d4630d01735f97227e3e\"\u003e8fb439a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.6 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/76da5fdd03b7ffc65a8b58b9f2a0df3e03c587c9\"\u003e76da5fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.19.7 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/bfa40e5c5bed65da0f3f664082e58e85c26b9c66\"\u003ebfa40e5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etests:\u003c/strong\u003e bump steady to v0.20.1 (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4fd9446332ae114072dac968134e6451c62138bb\"\u003e4fd9446\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/ab0c4460a170183ff036e2a3dad320ac4ac2c76d\"\u003e\u003ccode\u003eab0c446\u003c/code\u003e\u003c/a\u003e release: 0.87.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6599043eee6e86dce16953fcd1fd828052052be6\"\u003e\u003ccode\u003e6599043\u003c/code\u003e\u003c/a\u003e fix(memory): return resolved path from async _validate_path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/715030ceb4d6dd8d3546e999c680e29532bf1255\"\u003e\u003ccode\u003e715030c\u003c/code\u003e\u003c/a\u003e fix(memory): use restrictive file mode for memory files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6cdbc5f37105e464704d911ef590b88c7e5ae427\"\u003e\u003ccode\u003e6cdbc5f\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4beda3cc966b49166387aa9275cec8f88b004154\"\u003e\u003ccode\u003e4beda3c\u003c/code\u003e\u003c/a\u003e Add output-300k-2026-03-24 beta header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b77b826ce402881bcb2a43092e758368fccc99a\"\u003e\u003ccode\u003e3b77b82\u003c/code\u003e\u003c/a\u003e chore(ci): run builds on CI even if only spec metadata changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/764ddbab9bcd6c4e076bf2618d4930e5b39cfb7c\"\u003e\u003ccode\u003e764ddba\u003c/code\u003e\u003c/a\u003e feat(internal): implement indices array format for query and form serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8a06a905bb89bf8126e552d951270fe90869bc1d\"\u003e\u003ccode\u003e8a06a90\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7f8cf3c4c0c7a601847538364f6eccf00e72a2c4\"\u003e\u003ccode\u003e7f8cf3c\u003c/code\u003e\u003c/a\u003e chore(tests): bump steady to v0.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0eba0dd8f9590254b91eaadb79e44b792d56d85b\"\u003e\u003ccode\u003e0eba0dd\u003c/code\u003e\u003c/a\u003e chore(ci): skip lint on metadata-only changes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.86.0...v0.87.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==1.1.1...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.7.5 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.3 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.3...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.1.1 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.0 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eecdsa 0.19.1\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.re...\n\n_Description has been truncated_","html_url":"https://github.com/open-webui/open-webui/pull/24366","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-webui%2Fopen-webui/issues/24366","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24366/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-04-27T04:45:26.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4333145766","node_id":"PR_kwDOQguR2c7V04_h","number":11,"state":"closed","title":"chore(deps): bump the python-minor-patch group across 1 directory with 43 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-11T04:47:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-27T04:45:26.000Z","updated_at":"2026-05-11T04:47:55.000Z","time_to_close":1209748,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":43,"packages":[{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.1.4","new_version":"2026.4.22","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.3.3","repository_url":"https://github.com/pallets/click"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"fastapi","old_version":"0.128.0","new_version":"0.136.1","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fsspec","old_version":"2026.1.0","new_version":"2026.4.0","repository_url":"https://github.com/fsspec/filesystem_spec"},{"name":"idna","old_version":"3.11","new_version":"3.13","repository_url":"https://github.com/kjd/idna"},{"name":"jinja2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"jiter","old_version":"0.12.0","new_version":"0.14.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mmh3","old_version":"5.2.0","new_version":"5.2.1","repository_url":"https://github.com/hajimes/mmh3"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"openai","old_version":"2.16.0","new_version":"2.33.0","repository_url":"https://github.com/openai/openai-python"},{"name":"packaging","old_version":"26.0","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"postgrest","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"psycopg-binary","old_version":"3.3.2","new_version":"3.3.4","repository_url":"https://github.com/psycopg/psycopg"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.3","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.12.0","new_version":"2.14.0","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.46.3","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"pyiceberg","old_version":"0.10.0","new_version":"0.11.1","repository_url":"https://github.com/apache/iceberg-python"},{"name":"pyjwt","old_version":"2.10.1","new_version":"2.12.1","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pypdfium2","old_version":"5.3.0","new_version":"5.7.1","repository_url":"https://github.com/pypdfium2-team/pypdfium2"},{"name":"pyroaring","old_version":"1.0.3","new_version":"1.1.0","repository_url":"https://github.com/Ezibenroc/PyRoaringBitMap"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"realtime","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"regex","old_version":"2026.1.15","new_version":"2026.4.4","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"reportlab","old_version":"4.4.9","new_version":"4.5.0"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"storage3","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-auth","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-functions","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"tenacity","old_version":"9.1.2","new_version":"9.1.4","repository_url":"https://github.com/jd/tenacity"},{"name":"textblob","old_version":"0.19.0","new_version":"0.20.0","repository_url":"https://github.com/sloria/TextBlob"},{"name":"tqdm","old_version":"4.67.1","new_version":"4.67.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"uvicorn","old_version":"0.40.0","new_version":"0.46.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"yarl","old_version":"1.22.0","new_version":"1.23.0","repository_url":"https://github.com/aio-libs/yarl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 43 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.4.22` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.136.1` |\n| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.1.0` | `2026.4.0` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.13` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` |\n| [jiter](https://github.com/pydantic/jiter) | `0.12.0` | `0.14.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.1.0` |\n| [mmh3](https://github.com/hajimes/mmh3) | `5.2.0` | `5.2.1` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [openai](https://github.com/openai/openai-python) | `2.16.0` | `2.33.0` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [postgrest](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [psycopg-binary](https://github.com/psycopg/psycopg) | `3.3.2` | `3.3.4` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.3` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.14.0` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.46.3` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [pyiceberg](https://github.com/apache/iceberg-python) | `0.10.0` | `0.11.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.12.1` |\n| [pypdfium2](https://github.com/pypdfium2-team/pypdfium2) | `5.3.0` | `5.7.1` |\n| [pyroaring](https://github.com/Ezibenroc/PyRoaringBitMap) | `1.0.3` | `1.1.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [realtime](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.1.15` | `2026.4.4` |\n| [reportlab](https://www.reportlab.com/) | `4.4.9` | `4.5.0` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [storage3](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase-auth](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase-functions](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |\n| [textblob](https://github.com/sloria/TextBlob) | `0.19.0` | `0.20.0` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.67.1` | `4.67.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.46.0` |\n| [yarl](https://github.com/aio-libs/yarl) | `1.22.0` | `1.23.0` |\n\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.1.4 to 2026.4.22\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/5dddfb072243da27adde885b73ba9b809c3224ca\"\u003e\u003ccode\u003e5dddfb0\u003c/code\u003e\u003c/a\u003e 2026.04.22 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/f99eccdaf87f7c10e521a58a700ca3eb94a0787e\"\u003e\u003ccode\u003ef99eccd\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/918bed055f7291719512af186c1c24710f845660\"\u003e\u003ccode\u003e918bed0\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/405\"\u003e#405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/0a49067eb434e53e1f8df5f7707d5dc05ef9def4\"\u003e\u003ccode\u003e0a49067\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/acf6ce8e39e3b125f4349e11904295e4fe4c1bed\"\u003e\u003ccode\u003eacf6ce8\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/398\"\u003e#398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/feb0ed26163a9417ea0fb8eb52d47e79fcf202ab\"\u003e\u003ccode\u003efeb0ed2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/397\"\u003e#397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d9c11a50369cc377abb40f7909ded3d6da4d98a3\"\u003e\u003ccode\u003ed9c11a5\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/396\"\u003e#396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/8571a4ba5205675107f9026d0008ad2d7a2778bf\"\u003e\u003ccode\u003e8571a4b\u003c/code\u003e\u003c/a\u003e 2026.02.25 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/6f7de00579d292af565bbb8a947643219794eb6d\"\u003e\u003ccode\u003e6f7de00\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/a1de59b15105cad768afed4f066b36171134f04a\"\u003e\u003ccode\u003ea1de59b\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.01.04...2026.04.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `charset-normalizer` from 3.4.4 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/releases\"\u003echarset-normalizer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.4.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\u003cbr /\u003e\nmypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/714\"\u003ejawah/charset_normalizer#714\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md\"\u003echarset-normalizer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/0f07891bf516b5d5231f1bd4dd2d8da7d4d09a9a\"\u003e\u003ccode\u003e0f07891\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/729\"\u003e#729\u003c/a\u003e from jawah/release-3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/fdbeb299479e8f4d737e4d227cd0b2bd5d273dc0\"\u003e\u003ccode\u003efdbeb29\u003c/code\u003e\u003c/a\u003e chore: update dev, and ci requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b66f922bfbdbdd9dd46af18a8964d4fb888756d4\"\u003e\u003ccode\u003eb66f922\u003c/code\u003e\u003c/a\u003e chore: add ft classifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/f94249d0a2c712f2d03124f4de6b77f5e03aaa96\"\u003e\u003ccode\u003ef94249d\u003c/code\u003e\u003c/a\u003e chore: add test cases for utf_7 recent fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/95c866f6c984bbd043e7e3ed0628aa4f3f8d5a26\"\u003e\u003ccode\u003e95c866f\u003c/code\u003e\u003c/a\u003e chore: bump version to 3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/4f429bb764c7e893f99bb4bceb60856da1baacfb\"\u003e\u003ccode\u003e4f429bb\u003c/code\u003e\u003c/a\u003e chore: bump mypy pre-commit to v1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b579cd6cab9bd83aa3fc0ca169d4df022bf4888c\"\u003e\u003ccode\u003eb579cd6\u003c/code\u003e\u003c/a\u003e fix: correctly remove SIG remnant in utf-7 decoded string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/58bf944a77cc0883fc46a6ee8edac3549fea5d59\"\u003e\u003ccode\u003e58bf944\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump github/codeql-action from 4.32.4 to 4.35.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/44cf8a1b676a2532a8f1694e62e4f4f98f9132e1\"\u003e\u003ccode\u003e44cf8a1\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/362bc20073f737b1ba4ca2f68cffb0c4cc024d20\"\u003e\u003ccode\u003e362bc20\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.3\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.3/\"\u003ehttps://pypi.org/project/click/8.3.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-3\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse :func:\u003ccode\u003eshlex.split\u003c/code\u003e to split pager and editor commands into \u003ccode\u003eargv\u003c/code\u003e\nlists for :class:\u003ccode\u003esubprocess.Popen\u003c/code\u003e, removing \u003ccode\u003eshell=True\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/1026\"\u003e#1026\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/1477\"\u003e#1477\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2775\"\u003e#2775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eTypeError\u003c/code\u003e when rendering help for an option whose default value is\nan object that doesn't support equality comparison with strings, such as\n\u003ccode\u003esemver.Version\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3298\"\u003e#3298\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3299\"\u003e#3299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix pager test pollution under parallel execution by using pytest's\n\u003ccode\u003etmp_path\u003c/code\u003e fixture instead of a shared temporary file path. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3238\"\u003e#3238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values in a \u003ccode\u003edefault_map\u003c/code\u003e as absent, so they fall\nthrough to the next default source instead of being used as the value.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3240\"\u003e#3240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003epdb.Pdb\u003c/code\u003e in \u003ccode\u003eCliRunner\u003c/code\u003e isolation so \u003ccode\u003epdb.set_trace()\u003c/code\u003e,\n\u003ccode\u003ebreakpoint()\u003c/code\u003e, and debuggers subclassing \u003ccode\u003epdb.Pdb\u003c/code\u003e (ipdb, pdbpp) can\ninteract with the real terminal instead of the captured I/O streams.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/654\"\u003e#654\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/843\"\u003e#843\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/951\"\u003e#951\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3235\"\u003e#3235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional randomized parallel test execution using \u003ccode\u003epytest-randomly\u003c/code\u003e and\n\u003ccode\u003epytest-xdist\u003c/code\u003e to detect test pollution and race conditions. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3151\"\u003e#3151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd contributor documentation for running stress tests, randomized\nparallel tests, and Flask smoke tests. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3151\"\u003e#3151\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3177\"\u003e#3177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow custom \u003ccode\u003eshow_default\u003c/code\u003e string in prompts, matching the existing\nhelp text behavior. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2836\"\u003e#2836\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2837\"\u003e#2837\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3165\"\u003e#3165\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3262\"\u003e#3262\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3280\"\u003e#3280\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3328\"\u003e#3328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003edefault=True\u003c/code\u003e with boolean \u003ccode\u003eflag_value\u003c/code\u003e always returning the\n\u003ccode\u003eflag_value\u003c/code\u003e instead of \u003ccode\u003eTrue\u003c/code\u003e. The \u003ccode\u003edefault=True\u003c/code\u003e to \u003ccode\u003eflag_value\u003c/code\u003e\nsubstitution now only applies to non-boolean flags, where \u003ccode\u003eTrue\u003c/code\u003e acts as a\nsentinel meaning \u0026quot;activate this flag by default\u0026quot;. For boolean flags,\n\u003ccode\u003edefault=True\u003c/code\u003e is returned as a literal value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3111\"\u003e#3111\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3239\"\u003e#3239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark \u003ccode\u003emake_default_short_help\u003c/code\u003e as private API. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3189\"\u003e#3189\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3250\"\u003e#3250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCliRunner\u003c/code\u003e's redirected streams now expose the original file descriptor\nvia \u003ccode\u003efileno()\u003c/code\u003e, so that \u003ccode\u003efaulthandler\u003c/code\u003e, \u003ccode\u003esubprocess\u003c/code\u003e, and other\nC-level consumers no longer crash with \u003ccode\u003eio.UnsupportedOperation\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/2865\"\u003e#2865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange :class:\u003ccode\u003eParameterSource\u003c/code\u003e to an :class:\u003ccode\u003e~enum.IntEnum\u003c/code\u003e and reorder\nits members from most to least explicit, so values can be compared to\ncheck whether a parameter was explicitly provided. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2879\"\u003e#2879\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3248\"\u003e#3248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-20\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse :func:\u003ccode\u003eshlex.split\u003c/code\u003e to split pager and editor commands into \u003ccode\u003eargv\u003c/code\u003e\nlists for :class:\u003ccode\u003esubprocess.Popen\u003c/code\u003e, removing \u003ccode\u003eshell=True\u003c/code\u003e.\n:issue:\u003ccode\u003e1026\u003c/code\u003e :pr:\u003ccode\u003e1477\u003c/code\u003e :pr:\u003ccode\u003e2775\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eTypeError\u003c/code\u003e when rendering help for an option whose default value is\nan object that doesn't support equality comparison with strings, such as\n\u003ccode\u003esemver.Version\u003c/code\u003e. :issue:\u003ccode\u003e3298\u003c/code\u003e :pr:\u003ccode\u003e3299\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix pager test pollution under parallel execution by using pytest's\n\u003ccode\u003etmp_path\u003c/code\u003e fixture instead of a shared temporary file path. :pr:\u003ccode\u003e3238\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values in a \u003ccode\u003edefault_map\u003c/code\u003e as absent, so they fall\nthrough to the next default source instead of being used as the value.\n:issue:\u003ccode\u003e3224\u003c/code\u003e :pr:\u003ccode\u003e3240\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003epdb.Pdb\u003c/code\u003e in \u003ccode\u003eCliRunner\u003c/code\u003e isolation so \u003ccode\u003epdb.set_trace()\u003c/code\u003e,\n\u003ccode\u003ebreakpoint()\u003c/code\u003e, and debuggers subclassing \u003ccode\u003epdb.Pdb\u003c/code\u003e (ipdb, pdbpp) can\ninteract with the real terminal instead of the captured I/O streams.\n:issue:\u003ccode\u003e654\u003c/code\u003e :issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e843\u003c/code\u003e :pr:\u003ccode\u003e951\u003c/code\u003e :pr:\u003ccode\u003e3235\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional randomized parallel test execution using \u003ccode\u003epytest-randomly\u003c/code\u003e and\n\u003ccode\u003epytest-xdist\u003c/code\u003e to detect test pollution and race conditions. :pr:\u003ccode\u003e3151\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd contributor documentation for running stress tests, randomized\nparallel tests, and Flask smoke tests. :pr:\u003ccode\u003e3151\u003c/code\u003e :pr:\u003ccode\u003e3177\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShow custom \u003ccode\u003eshow_default\u003c/code\u003e string in prompts, matching the existing\nhelp text behavior. :issue:\u003ccode\u003e2836\u003c/code\u003e :pr:\u003ccode\u003e2837\u003c/code\u003e :pr:\u003ccode\u003e3165\u003c/code\u003e :pr:\u003ccode\u003e3262\u003c/code\u003e :pr:\u003ccode\u003e3280\u003c/code\u003e\n:pr:\u003ccode\u003e3328\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003edefault=True\u003c/code\u003e with boolean \u003ccode\u003eflag_value\u003c/code\u003e always returning the\n\u003ccode\u003eflag_value\u003c/code\u003e instead of \u003ccode\u003eTrue\u003c/code\u003e. The \u003ccode\u003edefault=True\u003c/code\u003e to \u003ccode\u003eflag_value\u003c/code\u003e\nsubstitution now only applies to non-boolean flags, where \u003ccode\u003eTrue\u003c/code\u003e acts as a\nsentinel meaning \u0026quot;activate this flag by default\u0026quot;. For boolean flags,\n\u003ccode\u003edefault=True\u003c/code\u003e is returned as a literal value. :issue:\u003ccode\u003e3111\u003c/code\u003e :pr:\u003ccode\u003e3239\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark \u003ccode\u003emake_default_short_help\u003c/code\u003e as private API. :issue:\u003ccode\u003e3189\u003c/code\u003e :pr:\u003ccode\u003e3250\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCliRunner\u003c/code\u003e's redirected streams now expose the original file descriptor\nvia \u003ccode\u003efileno()\u003c/code\u003e, so that \u003ccode\u003efaulthandler\u003c/code\u003e, \u003ccode\u003esubprocess\u003c/code\u003e, and other\nC-level consumers no longer crash with \u003ccode\u003eio.UnsupportedOperation\u003c/code\u003e.\n:issue:\u003ccode\u003e2865\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange :class:\u003ccode\u003eParameterSource\u003c/code\u003e to an :class:\u003ccode\u003e~enum.IntEnum\u003c/code\u003e and reorder\nits members from most to least explicit, so values can be compared to\ncheck whether a parameter was explicitly provided. :issue:\u003ccode\u003e2879\u003c/code\u003e :pr:\u003ccode\u003e3248\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c06d2d0a6aee6bcc50bd8257be2a4a592f4e75d0\"\u003e\u003ccode\u003ec06d2d0\u003c/code\u003e\u003c/a\u003e Release 8.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/f1f191ecd2c790b161187c78e7c88440e9524e5c\"\u003e\u003ccode\u003ef1f191e\u003c/code\u003e\u003c/a\u003e Apply format guidelines to commits since latest 8.3.2 release (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3343\"\u003e#3343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/bb59ba0fd279ca085d1113f0499b6a602ca31081\"\u003e\u003ccode\u003ebb59ba0\u003c/code\u003e\u003c/a\u003e Apply format guidelines to commits since latest 8.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4a352253c9ff013e36d11e4a6820d36d00ff2cd4\"\u003e\u003ccode\u003e4a35225\u003c/code\u003e\u003c/a\u003e Reduce blast-radius of \u003ccode\u003eUNSET\u003c/code\u003e in \u003ccode\u003edefault_map\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3240\"\u003e#3240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c07bb936de43fd303f9cfbefe248ab23fd2199c8\"\u003e\u003ccode\u003ec07bb93\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' into unset-in-default-map\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c7e1ba8448cbcb2cdd9c1c7f4a592e863dcc3995\"\u003e\u003ccode\u003ec7e1ba8\u003c/code\u003e\u003c/a\u003e Reorder \u003ccode\u003eParameterSource\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3248\"\u003e#3248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/76552ff1e8c85837f911fc34037e702ae4327eda\"\u003e\u003ccode\u003e76552ff\u003c/code\u003e\u003c/a\u003e Show default string in prompt (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ac5cec5fe54e5a691e7bac17f441ce9498e0744c\"\u003e\u003ccode\u003eac5cec5\u003c/code\u003e\u003c/a\u003e Reorder ParameterSource from most to least explicit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/8c452e00e6772931b7071d9316b82b77e5b8f280\"\u003e\u003ccode\u003e8c452e0\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' into show-default-string-in-prompt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/8c95c73bd5ef89eac638f85f1904a104ba4b1a32\"\u003e\u003ccode\u003e8c95c73\u003c/code\u003e\u003c/a\u003e Reconcile default value passing and default activation (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3239\"\u003e#3239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.128.0 to 0.136.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.1\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Update Pydantic v2 code to address deprecations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15101\"\u003e#15101\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Tweak translation script. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15174\"\u003e#15174\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15408\"\u003e#15408\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15409\"\u003e#15409\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15407\"\u003e#15407\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15406\"\u003e#15406\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15405\"\u003e#15405\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mypy from 1.19.1 to 1.20.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15410\"\u003e#15410\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15400\"\u003e#15400\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump starlette from 0.52.1 to 1.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15397\"\u003e#15397\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygithub from 2.8.1 to 2.9.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15396\"\u003e#15396\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15393\"\u003e#15393\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump zizmor from 1.23.1 to 1.24.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15394\"\u003e#15394\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15395\"\u003e#15395\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15360\"\u003e#15360\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.9 to 1.6.11. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15373\"\u003e#15373\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15282\"\u003e#15282\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15263\"\u003e#15263\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15391\"\u003e#15391\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pillow from 12.1.1 to 12.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15333\"\u003e#15333\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest from 9.0.2 to 9.0.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15334\"\u003e#15334\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15374\"\u003e#15374\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15385\"\u003e#15385\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Zuplo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15369\"\u003e#15369\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Speakeasy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15368\"\u003e#15368\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15316\"\u003e#15316\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.0\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Support free-threaded Python 3.14t. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15149\"\u003e#15149\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.4\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15363\"\u003e#15363\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.5 to 46.0.7. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15314\"\u003e#15314\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15309\"\u003e#15309\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add pre-commit hook to ensure latest release header has date. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15293\"\u003e#15293\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/e54e5a8980ffa6d7ff68ee7b25a1c46036375521\"\u003e\u003ccode\u003ee54e5a8\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9a8a5fd99902c3b80d4cc94b85e120e2b808825f\"\u003e\u003ccode\u003e9a8a5fd\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7815a32f2ed177b8b786a48b3e0712c05b5c644f\"\u003e\u003ccode\u003e7815a32\u003c/code\u003e\u003c/a\u003e ⬆️ Update Pydantic v2 code to address deprecations (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15101\"\u003e#15101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ef1c927b0558d414e199a666833942a6fabb3a51\"\u003e\u003ccode\u003eef1c927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/38039e12a86e67f2001b9b7d96c219691d6cb4af\"\u003e\u003ccode\u003e38039e1\u003c/code\u003e\u003c/a\u003e 🔨 Tweak translation script (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15174\"\u003e#15174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4fa826ce0a3b16884a04f51e5aac95d01790b599\"\u003e\u003ccode\u003e4fa826c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c39415673e621665fdb7bbdde69beba7eb1dfd12\"\u003e\u003ccode\u003ec394156\u003c/code\u003e\u003c/a\u003e ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15408\"\u003e#15408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae230ad2f9d90a4e3f6222ff1a5d6e8da41ec0ad\"\u003e\u003ccode\u003eae230ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d9eb39d1a1bf2f6e6e5d3a55088f61c712cb864e\"\u003e\u003ccode\u003ed9eb39d\u003c/code\u003e\u003c/a\u003e ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15409\"\u003e#15409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4f8b5d14d324ae8e15cfae8d85adb4186d4c2175\"\u003e\u003ccode\u003e4f8b5d1\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.128.0...0.136.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fsspec` from 2026.1.0 to 2026.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8fdedd1fd17be354f75f0cec1f973d93416c704b\"\u003e\u003ccode\u003e8fdedd1\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8205d0d1afecb64f34565ebeb073b7f1959a869d\"\u003e\u003ccode\u003e8205d0d\u003c/code\u003e\u003c/a\u003e Release (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2027\"\u003e#2027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/50bfba22200077fa602038857e19d58cc2541db5\"\u003e\u003ccode\u003e50bfba2\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/f58bc851213ab3a87b2d26c01c9d26b291b0e1d3\"\u003e\u003ccode\u003ef58bc85\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/c6c7b40b7794c6e554d9dcae7bf4930bba67e403\"\u003e\u003ccode\u003ec6c7b40\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/3bc67f85c3b67c5adef11af35761fd839de306fb\"\u003e\u003ccode\u003e3bc67f8\u003c/code\u003e\u003c/a\u003e DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/0b290bf1336bb15d4327afcdf743d9a17b5ea762\"\u003e\u003ccode\u003e0b290bf\u003c/code\u003e\u003c/a\u003e docs: add URL handling note to HTTPFileSystem class docstring (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2024\"\u003e#2024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/b33a2d6c3b6912c645d9a315791f41e74bff4c66\"\u003e\u003ccode\u003eb33a2d6\u003c/code\u003e\u003c/a\u003e ci: install downstream systems like gcsfs before testing so the \u003ccode\u003e_version.py\u003c/code\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e9e7a5b5eab42b6c6d0790aa0aa510f66fc44630\"\u003e\u003ccode\u003ee9e7a5b\u003c/code\u003e\u003c/a\u003e Delegate DirFileSystem delete and write_text (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/105d614a443e3f46236deb87442cc5491741687c\"\u003e\u003ccode\u003e105d614\u003c/code\u003e\u003c/a\u003e fix: use encode_url() in _pipe_file for consistency (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2023\"\u003e#2023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fsspec/filesystem_spec/compare/2026.1.0...2026.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.13 (2026-04-22)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.12 (2026-04-21)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/89cdfd27338896cee6b1ee18e64c96ac28684ce0\"\u003e\u003ccode\u003e89cdfd2\u003c/code\u003e\u003c/a\u003e Release v3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1eb068687543118147417a8d8a70674e2c172891\"\u003e\u003ccode\u003e1eb0686\u003c/code\u003e\u003c/a\u003e Pre-release 3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5f20d1e41eea3b3873d18d83d7a384784f72a92e\"\u003e\u003ccode\u003e5f20d1e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/220\"\u003e#220\u003c/a\u003e from kjd/unicode-next\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/4ea84252ab21e62a79e5a3273746112b5dcfb810\"\u003e\u003ccode\u003e4ea8425\u003c/code\u003e\u003c/a\u003e Regenerate idnadata.py with correct NFKC_CF data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/fd47341a08bbdcffda33694211ca4de10170cd41\"\u003e\u003ccode\u003efd47341\u003c/code\u003e\u003c/a\u003e Use NFKC_CF from Unicode data files instead of Python's unicodedata module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a5304a4cdbd7b31595f8ac42ffdfa88f5b936467\"\u003e\u003ccode\u003ea5304a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/219\"\u003e#219\u003c/a\u003e from kjd/release-3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d80d6f9254d699961fa2c669a1534cde9d4ee5b6\"\u003e\u003ccode\u003ed80d6f9\u003c/code\u003e\u003c/a\u003e Release v3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1bb44ddb3f2a9dcf97a6ac11aba34e5b6ed31291\"\u003e\u003ccode\u003e1bb44dd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/218\"\u003e#218\u003c/a\u003e from kjd/release-candidate-3.12rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/909c49d15b8d159be163bccc7972116baffdb47b\"\u003e\u003ccode\u003e909c49d\u003c/code\u003e\u003c/a\u003e Release candidate for 3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c5459a10370f005dc09921aee3201b5a45699f9d\"\u003e\u003ccode\u003ec5459a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/217\"\u003e#217\u003c/a\u003e from kjd/housekeeping-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e solidus, \u003ccode\u003e\u0026gt;\u003c/code\u003e greater-than sign, or \u003ccode\u003e=\u003c/code\u003e equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is a fix release for the 3.1.x feature branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\"\u003eGHSA-h5c8-rqwp-cp95\u003c/a\u003e. You are affected if you are using \u003ccode\u003exmlattr\u003c/code\u003e and passing user input as attribute keys.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jiter` from 0.12.0 to 0.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/dcdc93df6b9c6eb53facb0fff725069d9528d735\"\u003e\u003ccode\u003edcdc93d\u003c/code\u003e\u003c/a\u003e Prepare release v0.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/974695165327d19c93eb7b6030050c6555125ff2\"\u003e\u003ccode\u003e9746951\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/7f311e91b35e9896a43d0f57e7a3ca905efb1a5b\"\u003e\u003ccode\u003e7f311e9\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/52d6f7df7d7eb94ec8cc3307d466e49ef98fdf60\"\u003e\u003ccode\u003e52d6f7d\u003c/code\u003e\u003c/a\u003e Update pyodide to 0.28 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/40c53b38ef8049e222f11ed345f2309ad3e5e249\"\u003e\u003ccode\u003e40c53b3\u003c/code\u003e\u003c/a\u003e remove hyperlint (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/891a4d4f127b6d720439755c20e7193ad83531f9\"\u003e\u003ccode\u003e891a4d4\u003c/code\u003e\u003c/a\u003e Update to edition 2024, MSRV 1.88 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/b14af5e412454275d6a303f4517faec74bfcc4c1\"\u003e\u003ccode\u003eb14af5e\u003c/code\u003e\u003c/a\u003e Avoid stack overflow in \u003ccode\u003ePyStringCache\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/1764e65598dc197402769a054160583c26da9ef8\"\u003e\u003ccode\u003e1764e65\u003c/code\u003e\u003c/a\u003e Introduce zizmor (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/29a5e6dd444c950d57ef347ff42f4015174e7d27\"\u003e\u003ccode\u003e29a5e6d\u003c/code\u003e\u003c/a\u003e Add yamlfmt (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/cb40f58b9d3baf89d3a68b1ee9ce4919a592025e\"\u003e\u003ccode\u003ecb40f58\u003c/code\u003e\u003c/a\u003e Modernize project setup using uv (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/240\"\u003e#240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/jiter/compare/v0.12.0...v0.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/wandile0157/smartdoc-ai-backend/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wandile0157%2Fsmartdoc-ai-backend/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-04-19T06:23:45.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4290110444","node_id":"PR_kwDOQguR2c7TrcCW","number":4,"state":"closed","title":"build(deps): bump the python-minor-patch group across 1 directory with 43 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-27T04:42:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-19T06:23:45.000Z","updated_at":"2026-04-27T04:42:47.000Z","time_to_close":685140,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"python-minor-patch","update_count":43,"packages":[{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.1.4","new_version":"2026.2.25","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.3.2","repository_url":"https://github.com/pallets/click"},{"name":"cryptography","old_version":"46.0.4","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"fastapi","old_version":"0.128.0","new_version":"0.136.0","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fsspec","old_version":"2026.1.0","new_version":"2026.3.0","repository_url":"https://github.com/fsspec/filesystem_spec"},{"name":"jinja2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"jiter","old_version":"0.12.0","new_version":"0.14.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mmh3","old_version":"5.2.0","new_version":"5.2.1","repository_url":"https://github.com/hajimes/mmh3"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"openai","old_version":"2.16.0","new_version":"2.32.0","repository_url":"https://github.com/openai/openai-python"},{"name":"packaging","old_version":"26.0","new_version":"26.1","repository_url":"https://github.com/pypa/packaging"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"postgrest","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"psycopg-binary","old_version":"3.3.2","new_version":"3.3.3","repository_url":"https://github.com/psycopg/psycopg"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.2","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.12.0","new_version":"2.13.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.46.2","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"pyiceberg","old_version":"0.10.0","new_version":"0.11.1","repository_url":"https://github.com/apache/iceberg-python"},{"name":"pyjwt","old_version":"2.10.1","new_version":"2.12.1","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pypdfium2","old_version":"5.3.0","new_version":"5.7.0","repository_url":"https://github.com/pypdfium2-team/pypdfium2"},{"name":"pyroaring","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/Ezibenroc/PyRoaringBitMap"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"realtime","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"regex","old_version":"2026.1.15","new_version":"2026.4.4","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"reportlab","old_version":"4.4.9","new_version":"4.4.10"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"storage3","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-auth","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-functions","old_version":"2.27.2","new_version":"2.28.3","repository_url":"https://github.com/supabase/supabase-py"},{"name":"tenacity","old_version":"9.1.2","new_version":"9.1.4","repository_url":"https://github.com/jd/tenacity"},{"name":"textblob","old_version":"0.19.0","new_version":"0.20.0","repository_url":"https://github.com/sloria/TextBlob"},{"name":"tqdm","old_version":"4.67.1","new_version":"4.67.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"uvicorn","old_version":"0.40.0","new_version":"0.44.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"yarl","old_version":"1.22.0","new_version":"1.23.0","repository_url":"https://github.com/aio-libs/yarl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 43 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.2.25` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.2` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.4` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.136.0` |\n| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.1.0` | `2026.3.0` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` |\n| [jiter](https://github.com/pydantic/jiter) | `0.12.0` | `0.14.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.1.0` |\n| [mmh3](https://github.com/hajimes/mmh3) | `5.2.0` | `5.2.1` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [openai](https://github.com/openai/openai-python) | `2.16.0` | `2.32.0` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.1` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [postgrest](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [psycopg-binary](https://github.com/psycopg/psycopg) | `3.3.2` | `3.3.3` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.2` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.13.1` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.46.2` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [pyiceberg](https://github.com/apache/iceberg-python) | `0.10.0` | `0.11.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.12.1` |\n| [pypdfium2](https://github.com/pypdfium2-team/pypdfium2) | `5.3.0` | `5.7.0` |\n| [pyroaring](https://github.com/Ezibenroc/PyRoaringBitMap) | `1.0.3` | `1.0.4` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [realtime](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.1.15` | `2026.4.4` |\n| [reportlab](https://www.reportlab.com/) | `4.4.9` | `4.4.10` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [storage3](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [supabase](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [supabase-auth](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [supabase-functions](https://github.com/supabase/supabase-py) | `2.27.2` | `2.28.3` |\n| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |\n| [textblob](https://github.com/sloria/TextBlob) | `0.19.0` | `0.20.0` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.67.1` | `4.67.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.44.0` |\n| [yarl](https://github.com/aio-libs/yarl) | `1.22.0` | `1.23.0` |\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.1.4 to 2026.2.25\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/8571a4ba5205675107f9026d0008ad2d7a2778bf\"\u003e\u003ccode\u003e8571a4b\u003c/code\u003e\u003c/a\u003e 2026.02.25 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/6f7de00579d292af565bbb8a947643219794eb6d\"\u003e\u003ccode\u003e6f7de00\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/a1de59b15105cad768afed4f066b36171134f04a\"\u003e\u003ccode\u003ea1de59b\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/7f5ade5d8da615fd366e8de6a668271251c45d34\"\u003e\u003ccode\u003e7f5ade5\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 6.1.0 to 6.2.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/392\"\u003e#392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.01.04...2026.02.25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `charset-normalizer` from 3.4.4 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/releases\"\u003echarset-normalizer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.4.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\u003cbr /\u003e\nmypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/714\"\u003ejawah/charset_normalizer#714\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md\"\u003echarset-normalizer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/0f07891bf516b5d5231f1bd4dd2d8da7d4d09a9a\"\u003e\u003ccode\u003e0f07891\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/729\"\u003e#729\u003c/a\u003e from jawah/release-3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/fdbeb299479e8f4d737e4d227cd0b2bd5d273dc0\"\u003e\u003ccode\u003efdbeb29\u003c/code\u003e\u003c/a\u003e chore: update dev, and ci requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b66f922bfbdbdd9dd46af18a8964d4fb888756d4\"\u003e\u003ccode\u003eb66f922\u003c/code\u003e\u003c/a\u003e chore: add ft classifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/f94249d0a2c712f2d03124f4de6b77f5e03aaa96\"\u003e\u003ccode\u003ef94249d\u003c/code\u003e\u003c/a\u003e chore: add test cases for utf_7 recent fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/95c866f6c984bbd043e7e3ed0628aa4f3f8d5a26\"\u003e\u003ccode\u003e95c866f\u003c/code\u003e\u003c/a\u003e chore: bump version to 3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/4f429bb764c7e893f99bb4bceb60856da1baacfb\"\u003e\u003ccode\u003e4f429bb\u003c/code\u003e\u003c/a\u003e chore: bump mypy pre-commit to v1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b579cd6cab9bd83aa3fc0ca169d4df022bf4888c\"\u003e\u003ccode\u003eb579cd6\u003c/code\u003e\u003c/a\u003e fix: correctly remove SIG remnant in utf-7 decoded string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/58bf944a77cc0883fc46a6ee8edac3549fea5d59\"\u003e\u003ccode\u003e58bf944\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump github/codeql-action from 4.32.4 to 4.35.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/44cf8a1b676a2532a8f1694e62e4f4f98f9132e1\"\u003e\u003ccode\u003e44cf8a1\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/362bc20073f737b1ba4ca2f68cffb0c4cc024d20\"\u003e\u003ccode\u003e362bc20\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3084\"\u003e#3084\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3152\"\u003e#3152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3136\"\u003e#3136\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3199\"\u003e#3199\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3202\"\u003e#3202\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3209\"\u003e#3209\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3212\"\u003e#3212\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2991\"\u003e#2991\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2993\"\u003e#2993\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3110\"\u003e#3110\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3140\"\u003e#3140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3121\"\u003e#3121\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3201\"\u003e#3201\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3213\"\u003e#3213\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n:issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e2991\u003c/code\u003e :issue:\u003ccode\u003e2993\u003c/code\u003e :issue:\u003ccode\u003e3110\u003c/code\u003e :pr:\u003ccode\u003e3139\u003c/code\u003e :pr:\u003ccode\u003e3140\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. :pr:\u003ccode\u003e3139\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. :issue:\u003ccode\u003e3121\u003c/code\u003e :pr:\u003ccode\u003e3201\u003c/code\u003e :pr:\u003ccode\u003e3213\u003c/code\u003e :pr:\u003ccode\u003e3225\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/052c006033729bbb422cbdad0c4fee988ecb5aa5\"\u003e\u003ccode\u003e052c006\u003c/code\u003e\u003c/a\u003e Change update release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/502b7ce7b131473ef00a3586e60bb000f33b4c43\"\u003e\u003ccode\u003e502b7ce\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' of \u003ca href=\"https://github.com/pallets/click\"\u003ehttps://github.com/pallets/click\u003c/a\u003e into release-8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a0a37e411820861d48e21b131fdd840abaf746e0\"\u003e\u003ccode\u003ea0a37e4\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3301\"\u003e#3301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/57be6fc2b40eb40279d022e6aabc983ee0dfb7a9\"\u003e\u003ccode\u003e57be6fc\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/781d6a88bdd30229e72a84cd6753b0235f339679\"\u003e\u003ccode\u003e781d6a8\u003c/code\u003e\u003c/a\u003e Update publish workflows (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ff795b66ba945239c779b528171f5fe4536cf844\"\u003e\u003ccode\u003eff795b6\u003c/code\u003e\u003c/a\u003e Update precommit pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dd87ef4f9fa7d6f13e14885e9a6842a21ededebc\"\u003e\u003ccode\u003edd87ef4\u003c/code\u003e\u003c/a\u003e Update github action pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/93d3f9d22e90035bc2b51c2183c15bd4a021376f\"\u003e\u003ccode\u003e93d3f9d\u003c/code\u003e\u003c/a\u003e Release version 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3299ba1a8a5de34b24a7226a683a837d8a0857e7\"\u003e\u003ccode\u003e3299ba1\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b7f62c4d002e5b5bca3ebef6b995b7338740fe6f\"\u003e\u003ccode\u003eb7f62c4\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.4 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.4...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.128.0 to 0.136.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.0\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Support free-threaded Python 3.14t. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15149\"\u003e#15149\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.4\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15363\"\u003e#15363\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.5 to 46.0.7. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15314\"\u003e#15314\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15309\"\u003e#15309\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add pre-commit hook to ensure latest release header has date. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15293\"\u003e#15293\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15280\"\u003e#15280\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eNew docs: \u003ca href=\"https://fastapi.tiangolo.com/advanced/vibe/\"\u003eVibe Coding\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✏️ Fix typo for \u003ccode\u003eclient_secret\u003c/code\u003e in OAuth2 form docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14946\"\u003e#14946\u003c/a\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👥 Update FastAPI People - Experts. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15279\"\u003e#15279\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump orjson from 3.11.7 to 3.11.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15276\"\u003e#15276\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.0 to 0.15.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15277\"\u003e#15277\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI GitHub topic repositories. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15274\"\u003e#15274\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15267\"\u003e#15267\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI People - Contributors and Translators. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15270\"\u003e#15270\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump requests from 2.32.5 to 2.33.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15228\"\u003e#15228\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Add ty check to \u003ccode\u003elint.sh\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15136\"\u003e#15136\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.2\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Increase lower bound to \u003ccode\u003epydantic \u0026gt;=2.9.0.\u003c/code\u003e and fix the test suite. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15139\"\u003e#15139\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add missing last release notes dates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15202\"\u003e#15202\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs for contributors and team members regarding translation PRs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15200\"\u003e#15200\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15094\"\u003e#15094\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix duplicated words in docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15116\"\u003e#15116\u003c/a\u003e by \u003ca href=\"https://github.com/AhsanSheraz\"\u003e\u003ccode\u003e@​AhsanSheraz\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs for \u003ccode\u003epyproject.toml\u003c/code\u003e with \u003ccode\u003eentrypoint\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15075\"\u003e#15075\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update links in docs to no longer use the classes external-link and internal-link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15061\"\u003e#15061\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/708606c982cf35718cb2214c0bb9261cf548f042\"\u003e\u003ccode\u003e708606c\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/13be6a3a0f12d3f36c286196ef555dd51dc09edb\"\u003e\u003ccode\u003e13be6a3\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4b264878d71b2dc0e9e0f90ef15459d4302a7f9c\"\u003e\u003ccode\u003e4b26487\u003c/code\u003e\u003c/a\u003e ⬆️ Support free-threaded Python 3.14t (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15149\"\u003e#15149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/f796c346a8537876de43729ff1ca1409d4648893\"\u003e\u003ccode\u003ef796c34\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.135.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/09d1d1cb7073b3c7bd1f58fcf6faefa9b2c29de4\"\u003e\u003ccode\u003e09d1d1c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae4e45c5cc20a1e1503fbcab2369821d188feb09\"\u003e\u003ccode\u003eae4e45c\u003c/code\u003e\u003c/a\u003e 🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15363\"\u003e#15363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9653034b8d459607a4b7f761e6c23a6f287fa5fa\"\u003e\u003ccode\u003e9653034\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6f9a102faf071dbfa812a3af88d7d309d2ded4a6\"\u003e\u003ccode\u003e6f9a102\u003c/code\u003e\u003c/a\u003e ⬆ Bump cryptography from 46.0.5 to 46.0.7 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15314\"\u003e#15314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/eba8942c81dbf990d25fbae34e6601bdbc21e74b\"\u003e\u003ccode\u003eeba8942\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/77d080caf850b8af5c0f467389edf03c057c7697\"\u003e\u003ccode\u003e77d080c\u003c/code\u003e\u003c/a\u003e ⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15309\"\u003e#15309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.128.0...0.136.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fsspec` from 2026.1.0 to 2026.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/49e6189b2cd8ee95b9357bff6a5671ea3b32c2ca\"\u003e\u003ccode\u003e49e6189\u003c/code\u003e\u003c/a\u003e changelog (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2005\"\u003e#2005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e73753a3c9086398a54942d26f7bc4a7232ac336\"\u003e\u003ccode\u003ee73753a\u003c/code\u003e\u003c/a\u003e Remove the deprecated 'pyxet' from the list of libraries (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2001\"\u003e#2001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/4bd065327f496fac714c9891111bc67c8d8cceae\"\u003e\u003ccode\u003e4bd0653\u003c/code\u003e\u003c/a\u003e conf should attempt types (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/463a1f08b52e2637728a28e1371577e8ea21496d\"\u003e\u003ccode\u003e463a1f0\u003c/code\u003e\u003c/a\u003e fix: allow withdirs parameter in glob for AbstractFileSystem (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1998\"\u003e#1998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/19e3cfe92b1bad9f759b4a399c3fbbb518e92455\"\u003e\u003ccode\u003e19e3cfe\u003c/code\u003e\u003c/a\u003e Fix typos (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2003\"\u003e#2003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/90bcbba391bddef400dde62e03c2eea9a2bdbd3d\"\u003e\u003ccode\u003e90bcbba\u003c/code\u003e\u003c/a\u003e fix typo in async docs: 'is' -\u0026gt; 'if' (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1992\"\u003e#1992\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/846c9aa2e1eefe976f4c61bd954e7683ae9e7bb2\"\u003e\u003ccode\u003e846c9aa\u003c/code\u003e\u003c/a\u003e Apply \u003ccode\u003elru_cache\u003c/code\u003e manually per \u003ccode\u003eLazyReferenceMapper\u003c/code\u003e instance (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1985\"\u003e#1985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/fa850c13440b9a649b41afce8f0f4ecca73f9d73\"\u003e\u003ccode\u003efa850c1\u003c/code\u003e\u003c/a\u003e fix putting multiple files using SFTP (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1991\"\u003e#1991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e6668a146cd07b9f50530c49ea3916d8ab13e169\"\u003e\u003ccode\u003ee6668a1\u003c/code\u003e\u003c/a\u003e changelog (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1989\"\u003e#1989\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/b6bd0752c1f133fb5005b4b21c065bde76f2c52b\"\u003e\u003ccode\u003eb6bd075\u003c/code\u003e\u003c/a\u003e fix parquet tests (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1988\"\u003e#1988\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fsspec/filesystem_spec/compare/2026.1.0...2026.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e solidus, \u003ccode\u003e\u0026gt;\u003c/code\u003e greater-than sign, or \u003ccode\u003e=\u003c/code\u003e equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is a fix release for the 3.1.x feature branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\"\u003eGHSA-h5c8-rqwp-cp95\u003c/a\u003e. You are affected if you are using \u003ccode\u003exmlattr\u003c/code\u003e and passing user input as attribute keys.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jiter` from 0.12.0 to 0.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/dcdc93df6b9c6eb53facb0fff725069d9528d735\"\u003e\u003ccode\u003edcdc93d\u003c/code\u003e\u003c/a\u003e Prepare release v0.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/974695165327d19c93eb7b6030050c6555125ff2\"\u003e\u003ccode\u003e9746951\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/7f311e91b35e9896a43d0f57e7a3ca905efb1a5b\"\u003e\u003ccode\u003e7f311e9\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/52d6f7df7d7eb94ec8cc3307d466e49ef98fdf60\"\u003e\u003ccode\u003e52d6f7d\u003c/code\u003e\u003c/a\u003e Update pyodide to 0.28 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/40c53b38ef8049e222f11ed345f2309ad3e5e249\"\u003e\u003ccode\u003e40c53b3\u003c/code\u003e\u003c/a\u003e remove hyperlint (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/891a4d4f127b6d720439755c20e7193ad83531f9\"\u003e\u003ccode\u003e891a4d4\u003c/code\u003e\u003c/a\u003e Update to edition 2024, MSRV 1.88 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/b14af5e412454275d6a303f4517faec74bfcc4c1\"\u003e\u003ccode\u003eb14af5e\u003c/code\u003e\u003c/a\u003e Avoid stack overflow in \u003ccode\u003ePyStringCache\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/1764e65598dc197402769a054160583c26da9ef8\"\u003e\u003ccode\u003e1764e65\u003c/code\u003e\u003c/a\u003e Introduce zizmor (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/29a5e6dd444c950d57ef347ff42f4015174e7d27\"\u003e\u003ccode\u003e29a5e6d\u003c/code\u003e\u003c/a\u003e Add yamlfmt (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/cb40f58b9d3baf89d3a68b1ee9ce4919a592025e\"\u003e\u003ccode\u003ecb40f58\u003c/code\u003e\u003c/a\u003e Modernize project setup using uv (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/240\"\u003e#240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/jiter/compare/v0.12.0...v0.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.2...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mmh3` from 5.2.0 to 5.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hajimes/mmh3/releases\"\u003emmh3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for the Android wheel for Python 3.14.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9, as it has reached the end of life on 2025-10-31.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hajimes/mmh3/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/hajimes/mmh3/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hajimes/mmh3/blob/master/CHANGELOG.md\"\u003emmh3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[5.2.1] - 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for the Android wheel for Python 3.14.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9, as it has reached the end of life on 2025-10-31.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/a4c44d81a8dc433ac50977425d7a5cf27cea9f0c\"\u003e\u003ccode\u003ea4c44d8\u003c/code\u003e\u003c/a\u003e chore(release): bump version to 5.2.1 (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/c83701d471d557594ab7f8003c13a476057fa7b1\"\u003e\u003ccode\u003ec83701d\u003c/code\u003e\u003c/a\u003e ci: update workflow files (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/168\"\u003e#168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/d4311b2d97b0f965aec857d94fa19aa0cd70ef8a\"\u003e\u003ccode\u003ed4311b2\u003c/code\u003e\u003c/a\u003e style: migrate to Ruff (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/25f98341e1ed5b5de9f1c7c28d67265501506281\"\u003e\u003ccode\u003e25f9834\u003c/code\u003e\u003c/a\u003e ci: fix dev ver for TestPyPI (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/c4079917eadce86025724913e0cb620948e1199f\"\u003e\u003ccode\u003ec407991\u003c/code\u003e\u003c/a\u003e ci: fix dev ver for TestPyPI (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/ee3a78a1fe3f82c7e2018f290d6ab262603d24dd\"\u003e\u003ccode\u003eee3a78a\u003c/code\u003e\u003c/a\u003e ci: update wheel configs (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/60957d75f0c30cf25d1f5354f5a5ac0febd952e3\"\u003e\u003ccode\u003e60957d7\u003c/code\u003e\u003c/a\u003e fix: modify sed commands for cross-platform builds (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/da3bb5f0aa7a004b2ae3a5d0eb3d06c05f370130\"\u003e\u003ccode\u003eda3bb5f\u003c/code\u003e\u003c/a\u003e Switch back to workflow_dispatch for TestPyPI (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/bdaedf92e861df6eab2e3b229ce92fc688fa8f79\"\u003e\u003ccode\u003ebdaedf9\u003c/code\u003e\u003c/a\u003e Bump pyperf in the dependencies group across 1 directory (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hajimes/mmh3/commit/3342d17e5315fb9935f9348824c5b7acbc0b4808\"\u003e\u003ccode\u003e3342d17\u003c/code\u003e\u003c/a\u003e Bump dependencies (\u003ca href=\"https://redirect.github.com/hajimes/mmh3/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hajimes/mmh3/compare/v5.2.0...v5.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.2 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS po...\n\n_Description has been truncated_","html_url":"https://github.com/wandile0157/smartdoc-ai-backend/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wandile0157%2Fsmartdoc-ai-backend/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"0.19.0","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-04-13T23:57:47.000Z","version_change":"0.19.0 → 0.19.2","issue":{"uuid":"4258584877","node_id":"PR_kwDONUO8uM7SJr53","number":118,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-13T23:57:47.000Z","updated_at":"2026-04-13T23:59:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":11,"packages":[{"name":"nltk","old_version":"3.9.1","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.9","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.2","repository_url":"https://github.com/qlustered/deepdiff"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pytest","old_version":"8.3.3","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"uv","old_version":"0.4.25","new_version":"0.11.6","repository_url":"https://github.com/astral-sh/uv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.9` |\n| [deepdiff](https://github.com/qlustered/deepdiff) | `8.0.1` | `8.6.2` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.3` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5.5` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n| [uv](https://github.com/astral-sh/uv) | `0.4.25` | `0.11.6` |\n\n\nUpdates `nltk` from 3.9.1 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5be3c518794b7322375bae2bf1871713d9b5c2fb\"\u003e\u003ccode\u003e5be3c51\u003c/code\u003e\u003c/a\u003e fix(jose): add ES256K into default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/48b345f29f6c459f11c6a40162b6c0b742ef2e22\"\u003e\u003ccode\u003e48b345f\u003c/code\u003e\u003c/a\u003e fix(jose): remove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681\"\u003e\u003ccode\u003ea5d4b2d\u003c/code\u003e\u003c/a\u003e fix(jose): do not use header's jwk automatically\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a769f343ae8d43236448e3e74445980861812e82\"\u003e\u003ccode\u003ea769f34\u003c/code\u003e\u003c/a\u003e chore: release 1.6.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/84f3fa2965a189c16528329e8cfe41d094008588\"\u003e\u003ccode\u003e84f3fa2\u003c/code\u003e\u003c/a\u003e fix: add EdDSA to default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e\"\u003e\u003ccode\u003e38e872a\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7\"\u003e\u003ccode\u003eb87c32e\u003c/code\u003e\u003c/a\u003e fix: remove \u0026quot;none\u0026quot; algorithm from default jwt instance\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qlustered/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e8.6.2 - Fix (CVE-2025-58367)\u003c/p\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/0d07ec21d12b46ef4e489383b363eadc22d990fb\"\u003e\u003ccode\u003e0d07ec2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/791f5aac51b2da7f90375ab204256ef6a6b40206\"\u003e\u003ccode\u003e791f5aa\u003c/code\u003e\u003c/a\u003e updating CVE number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a6aafea3ba5498aab6f9c77047c54949e7e968ae\"\u003e\u003ccode\u003ea6aafea\u003c/code\u003e\u003c/a\u003e updating docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a0950abbe6263298bc4bdbc3ebb57edc1af079b4\"\u003e\u003ccode\u003ea0950ab\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.1 → 8.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/887128abe5e510341cc4a82f6914a82d5ff1b6a7\"\u003e\u003ccode\u003e887128a\u003c/code\u003e\u003c/a\u003e Fix (CVE-2025-58367)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qlustered/deepdiff/compare/8.0.1...8.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.0 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eecdsa 0.19.1\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implicit\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/li\u003e\n\u003cli\u003eOfficially support Python 3.12 and 3.13 (add them to CI)\u003c/li\u003e\n\u003cli\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/li\u003e\n\u003cli\u003eFix typos in warning messages\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/2a6593d840ad153a16ebdd4f9b772b290494f3e3\"\u003e\u003ccode\u003e2a6593d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/359\"\u003e#359\u003c/a\u003e from tlsfuzzer/release-0.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/658ddc81bbd20e0197a59c9c0fa7dcc5b17d7d06\"\u003e\u003ccode\u003e658ddc8\u003c/code\u003e\u003c/a\u003e add release notes for 0.19.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/3c5df06ae85ea0b35557fe5f8874eec4f2b39db0\"\u003e\u003ccode\u003e3c5df06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/358\"\u003e#358\u003c/a\u003e from tlsfuzzer/high-s-values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/b6d43c60e309bccd681eb1baab502f817ff226b6\"\u003e\u003ccode\u003eb6d43c6\u003c/code\u003e\u003c/a\u003e use integer division for canonicalization of signatures\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/aa81ba3b7339f30362098580c754576bc15edba1\"\u003e\u003ccode\u003eaa81ba3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/357\"\u003e#357\u003c/a\u003e from tlsfuzzer/new-badge\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.0...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.3 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.3...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tornado` from 6.4.1 to 6.5.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst\"\u003etornado's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease notes\u003c/h1\u003e\n\u003cp\u003e.. toctree::\n:maxdepth: 2\u003c/p\u003e\n\u003cp\u003ereleases/v6.5.5\nreleases/v6.5.4\nreleases/v6.5.3\nreleases/v6.5.2\nreleases/v6.5.1\nreleases/v6.5.0\nreleases/v6.4.2\nreleases/v6.4.1\nreleases/v6.4.0\nreleases/v6.3.3\nreleases/v6.3.2\nreleases/v6.3.1\nreleases/v6.3.0\nreleases/v6.2.0\nreleases/v6.1.0\nreleases/v6.0.4\nreleases/v6.0.3\nreleases/v6.0.2\nreleases/v6.0.1\nreleases/v6.0.0\nreleases/v5.1.1\nreleases/v5.1.0\nreleases/v5.0.2\nreleases/v5.0.1\nreleases/v5.0.0\nreleases/v4.5.3\nreleases/v4.5.2\nreleases/v4.5.1\nreleases/v4.5.0\nreleases/v4.4.3\nreleases/v4.4.2\nreleases/v4.4.1\nreleases/v4.4.0\nreleases/v4.3.0\nreleases/v4.2.1\nreleases/v4.2.0\nreleases/v4.1.0\nreleases/v4.0.2\nreleases/v4.0.1\nreleases/v4.0.0\nreleases/v3.2.2\nreleases/v3.2.1\nreleases/v3.2.0\nreleases/v3.1.1\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/7d6465056ceb7a054b3f64cf1c18271753b10482\"\u003e\u003ccode\u003e7d64650\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3586\"\u003e#3586\u003c/a\u003e from bdarnell/update-cibw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/d05d59b8080a0d5d6a260994c7aad7049209d345\"\u003e\u003ccode\u003ed05d59b\u003c/code\u003e\u003c/a\u003e build: Bump cibuildwheel to 3.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/c2f46732b0ad14bf0db4219c96a945f4b60205f5\"\u003e\u003ccode\u003ec2f4673\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3585\"\u003e#3585\u003c/a\u003e from bdarnell/release-655\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/e5f1aa4b6fa2c16b29024830227838fcb0c79b6f\"\u003e\u003ccode\u003ee5f1aa4\u003c/code\u003e\u003c/a\u003e Release notes and version bump for v6.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/78a046f99f89977dfc8ff5a1fe16d298afbeeaca\"\u003e\u003ccode\u003e78a046f\u003c/code\u003e\u003c/a\u003e httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104\"\u003e\u003ccode\u003e24a2d96\u003c/code\u003e\u003c/a\u003e web: Validate characters in all cookie attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839\"\u003e\u003ccode\u003e119a195\u003c/code\u003e\u003c/a\u003e httputil: Add limits on multipart form data parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/63d4df4eefa6750bb14efa1ebffe67b8c54fbad4\"\u003e\u003ccode\u003e63d4df4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tornadoweb/tornado/issues/3564\"\u003e#3564\u003c/a\u003e from bdarnell/release-654\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/eadbf9adbe9db19e2686a32f48ddf9a25518c4f6\"\u003e\u003ccode\u003eeadbf9a\u003c/code\u003e\u003c/a\u003e Release notes and version bump for 6.5.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tornadoweb/tornado/commit/bbc2b1429c6db80765a8a95c09ddddc7bb40e4e8\"\u003e\u003ccode\u003ebbc2b14\u003c/code\u003e\u003c/a\u003e Make sure that the in-operator on HTTPHeaders is case insensitive\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tornadoweb/tornado/compare/v6.4.1...v6.5.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ujson` from 5.10.0 to 5.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ultrajson/ultrajson/releases\"\u003eujson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.12.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate license field (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/693\"\u003e#693\u003c/a\u003e) \u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild wheels for GraalPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/685\"\u003e#685\u003c/a\u003e) \u003ca href=\"https://github.com/timfel\"\u003e\u003ccode\u003e@​timfel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/686\"\u003e#686\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix memory leak parsing large integers (\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\"\u003ehttps://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix buffer overflow/infinite loop from indent handling (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/709\"\u003e#709\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove upper bound of setuptools for PyPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/704\"\u003e#704\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.11.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInline type stubs (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/674\"\u003e#674\u003c/a\u003e) \u003ca href=\"https://github.com/MarcoGorelli\"\u003e\u003ccode\u003e@​MarcoGorelli\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/680\"\u003e#680\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for PyPy3.11 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/658\"\u003e#658\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows ARM64 wheels (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/663\"\u003e#663\u003c/a\u003e) \u003ca href=\"https://github.com/tonybaloney\"\u003e\u003ccode\u003e@​tonybaloney\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate to \u003ccode\u003esrc/\u003c/code\u003e layout (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/664\"\u003e#664\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild aarch64 wheels using native runners (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/652\"\u003e#652\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL Python 3.8 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/645\"\u003e#645\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL PyPy3.8-PyPy3.10 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/639\"\u003e#639\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/682\"\u003e#682\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ujson.loads): raises a JSONDecodeError instead of SystemError when parsing a nested json string (\u003ca href=\"https://redirect.github....\n\n_Description has been truncated_","html_url":"https://github.com/patrik-fredon/langflow/pull/118","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/118","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/118/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-04-13T10:08:25.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4253452975","node_id":"PR_kwDORVT_787R8LeV","number":19,"state":"closed","title":"chore(deps)(deps): bump the python-minor-patch group across 1 directory with 41 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-20T10:36:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-13T10:08:25.000Z","updated_at":"2026-04-20T10:36:24.000Z","time_to_close":606477,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps): bump","group_name":"python-minor-patch","update_count":41,"packages":[{"name":"alembic","old_version":"1.12.1","new_version":"1.18.4","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"anthropic","old_version":"0.84.0","new_version":"0.94.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.1.4","new_version":"2026.2.25","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.3.2","repository_url":"https://github.com/pallets/click"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"fastapi","old_version":"0.129.2","new_version":"0.135.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"filelock","old_version":"3.24.2","new_version":"3.25.2","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"fsspec","old_version":"2026.2.0","new_version":"2026.3.0","repository_url":"https://github.com/fsspec/filesystem_spec"},{"name":"google-auth-httplib2","old_version":"0.3.0","new_version":"0.3.1","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"google-auth","old_version":"2.48.0","new_version":"2.49.2","repository_url":"https://github.com/googleapis/google-auth-library-python"},{"name":"greenlet","old_version":"3.3.2","new_version":"3.4.0","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"gunicorn","old_version":"25.1.0","new_version":"25.3.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"jiter","old_version":"0.13.0","new_version":"0.14.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"lxml","old_version":"6.0.2","new_version":"6.0.4","repository_url":"https://github.com/lxml/lxml"},{"name":"mem0ai","old_version":"1.0.5","new_version":"1.0.11","repository_url":"https://github.com/mem0ai/mem0"},{"name":"numpy","old_version":"2.4.2","new_version":"2.4.4","repository_url":"https://github.com/numpy/numpy"},{"name":"openai","old_version":"2.21.0","new_version":"2.31.0","repository_url":"https://github.com/openai/openai-python"},{"name":"prometheus-client","old_version":"0.19.0","new_version":"0.25.0","repository_url":"https://github.com/prometheus/client_python"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.46.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"pyjwt","old_version":"2.11.0","new_version":"2.12.1","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-jose","old_version":"3.3.0","new_version":"3.5.0","repository_url":"https://github.com/mpdavis/python-jose"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"regex","old_version":"2026.2.19","new_version":"2026.4.4","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"sentry-sdk","old_version":"2.54.0","new_version":"2.57.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"sqlalchemy","old_version":"2.0.48","new_version":"2.0.49","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"sse-starlette","old_version":"3.2.0","new_version":"3.3.4","repository_url":"https://github.com/sysid/sse-starlette"},{"name":"svix","old_version":"1.86.0","new_version":"1.90.0","repository_url":"https://github.com/svix/svix-webhooks"},{"name":"typer","old_version":"0.24.0","new_version":"0.24.1","repository_url":"https://github.com/fastapi/typer"},{"name":"uvicorn","old_version":"0.41.0","new_version":"0.44.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"wrapt","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/GrahamDumpleton/wrapt"},{"name":"bandit","old_version":"1.8.3","new_version":"1.9.4","repository_url":"https://github.com/PyCQA/bandit"},{"name":"pip-audit","old_version":"2.9.0","new_version":"2.10.0","repository_url":"https://github.com/pypa/pip-audit"},{"name":"pre-commit","old_version":"4.1.0","new_version":"4.5.1","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"ruff","old_version":"0.9.9","new_version":"0.15.10","repository_url":"https://github.com/astral-sh/ruff"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 41 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [alembic](https://github.com/sqlalchemy/alembic) | `1.12.1` | `1.18.4` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.84.0` | `0.94.0` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.2.25` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.2` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.129.2` | `0.135.3` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.24.2` | `3.25.2` |\n| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.2.0` | `2026.3.0` |\n| [google-auth-httplib2](https://github.com/googleapis/google-cloud-python) | `0.3.0` | `0.3.1` |\n| [google-auth](https://github.com/googleapis/google-auth-library-python) | `2.48.0` | `2.49.2` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.4.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.1.0` | `25.3.0` |\n| [jiter](https://github.com/pydantic/jiter) | `0.13.0` | `0.14.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.0.4` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `1.0.5` | `1.0.11` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.2` | `2.4.4` |\n| [openai](https://github.com/openai/openai-python) | `2.21.0` | `2.31.0` |\n| [prometheus-client](https://github.com/prometheus/client_python) | `0.19.0` | `0.25.0` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.46.0` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.11.0` | `2.12.1` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.5.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.26` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.2.19` | `2026.4.4` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.54.0` | `2.57.0` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.48` | `2.0.49` |\n| [sse-starlette](https://github.com/sysid/sse-starlette) | `3.2.0` | `3.3.4` |\n| [svix](https://github.com/svix/svix-webhooks) | `1.86.0` | `1.90.0` |\n| [typer](https://github.com/fastapi/typer) | `0.24.0` | `0.24.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.44.0` |\n| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `2.1.1` | `2.1.2` |\n| [bandit](https://github.com/PyCQA/bandit) | `1.8.3` | `1.9.4` |\n| [pip-audit](https://github.com/pypa/pip-audit) | `2.9.0` | `2.10.0` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.1.0` | `4.5.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.9.9` | `0.15.10` |\n\n\nUpdates `alembic` from 1.12.1 to 1.18.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.4\u003c/h1\u003e\n\u003cp\u003eReleased: February 10, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [operations]\u003c/strong\u003e Reverted the behavior of \u003ccode\u003eOperations.add_column()\u003c/code\u003e that would\nautomatically render the \u0026quot;PRIMARY KEY\u0026quot; keyword inline when a\n\u003ccode\u003eColumn\u003c/code\u003e with \u003ccode\u003eprimary_key=True\u003c/code\u003e is added. The automatic\nbehavior, added in version 1.18.2, is now opt-in via the new\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter. This\nchange restores the ability to render a PostgreSQL SERIAL column, which is\nrequired to be \u003ccode\u003eprimary_key=True\u003c/code\u003e, while not impacting the ability to\nrender a separate primary key constraint. This also provides consistency\nwith the \u003ccode\u003eOperations.add_column.inline_references\u003c/code\u003e parameter and\ngives users explicit control over SQL generation.\u003c/p\u003e\n\u003cp\u003eTo render PRIMARY KEY inline, use the\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter set to\n\u003ccode\u003eTrue\u003c/code\u003e:\u003c/p\u003e\n\u003cp\u003eop.add_column(\n\u0026quot;my_table\u0026quot;,\nColumn(\u0026quot;id\u0026quot;, Integer, primary_key=True),\ninline_primary_key=True\n)References: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1232\"\u003e#1232\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.18.3\u003c/h1\u003e\n\u003cp\u003eReleased: January 29, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [autogenerate]\u003c/strong\u003e Fixed regression in version 1.18.0 due to \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e where autogenerate\nwould raise \u003ccode\u003eNoReferencedTableError\u003c/code\u003e when a foreign key constraint\nreferenced a table that was not part of the initial table load, including\ntables filtered out by the\n\u003ccode\u003eEnvironmentContext.configure.include_name\u003c/code\u003e callable or tables\nin remote schemas that were not included in the initial reflection run.\u003c/p\u003e\n\u003cp\u003eThe change in \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e was a performance optimization that eliminated\nadditional reflection queries for tables that were only referenced by\nforeign keys but not explicitly included in the main reflection run.\nHowever, this optimization inadvertently removed the creation of\n\u003ccode\u003eTable\u003c/code\u003e objects for these referenced tables, causing autogenerate\nto fail when processing foreign key constraints that pointed to them.\u003c/p\u003e\n\u003cp\u003eThe fix creates placeholder \u003ccode\u003eTable\u003c/code\u003e objects for foreign key targets\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.84.0 to 0.94.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.94.0\u003c/h2\u003e\n\u003ch2\u003e0.94.0 (2026-04-10)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.93.0...v0.94.0\"\u003ev0.93.0...v0.94.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003evertex eu region (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1658\"\u003e#1658\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/b7e157d85f50b2900ddf896e8e80882dd7311bfd\"\u003eb7e157d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure file data are only sent as 1 parameter (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/837b25bb6262186a5bae92aa70eb73c3cf8c90af\"\u003e837b25b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove examples (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/48089fdb788500d00718b9d4ae24cd34e5e91beb\"\u003e48089fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate examples (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0f3c28b973026d135f91f38c4ad82ae2b1131522\"\u003e0f3c28b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.93.0\u003c/h2\u003e\n\u003ch2\u003e0.93.0 (2026-04-09)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.92.0...v0.93.0\"\u003ev0.92.0...v0.93.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add beta advisor tool (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4297dca285441b185ea9e3d18b7f912102b54be2\"\u003e4297dca\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.92.0\u003c/h2\u003e\n\u003ch2\u003e0.92.0 (2026-04-08)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.91.0...v0.92.0\"\u003ev0.91.0...v0.92.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add support for Claude Managed Agents (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5b879a7d929bd93332d777bed067be680819dfac\"\u003e5b879a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.91.0\u003c/h2\u003e\n\u003ch2\u003e0.91.0 (2026-04-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.90.0...v0.91.0\"\u003ev0.90.0...v0.91.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e Create Bedrock Mantle client (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1616\"\u003e#1616\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fd195a2fa2cd44ebf4513e69f671def88d2b6ec9\"\u003efd195a2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.90.0\u003c/h2\u003e\n\u003ch2\u003e0.90.0 (2026-04-07)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.94.0 (2026-04-10)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.93.0...v0.94.0\"\u003ev0.93.0...v0.94.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003evertex eu region (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1658\"\u003e#1658\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/b7e157d85f50b2900ddf896e8e80882dd7311bfd\"\u003eb7e157d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure file data are only sent as 1 parameter (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/837b25bb6262186a5bae92aa70eb73c3cf8c90af\"\u003e837b25b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove examples (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/48089fdb788500d00718b9d4ae24cd34e5e91beb\"\u003e48089fd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate examples (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0f3c28b973026d135f91f38c4ad82ae2b1131522\"\u003e0f3c28b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.93.0 (2026-04-09)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.92.0...v0.93.0\"\u003ev0.92.0...v0.93.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add beta advisor tool (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4297dca285441b185ea9e3d18b7f912102b54be2\"\u003e4297dca\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.92.0 (2026-04-08)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.91.0...v0.92.0\"\u003ev0.91.0...v0.92.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add support for Claude Managed Agents (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5b879a7d929bd93332d777bed067be680819dfac\"\u003e5b879a7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.91.0 (2026-04-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.90.0...v0.91.0\"\u003ev0.90.0...v0.91.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e Create Bedrock Mantle client (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1616\"\u003e#1616\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fd195a2fa2cd44ebf4513e69f671def88d2b6ec9\"\u003efd195a2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.90.0 (2026-04-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.89.0...v0.90.0\"\u003ev0.89.0...v0.90.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add support for claude-mythos-preview (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fc7ddd8e0296a578f09c7fa2baf00e50d81cf980\"\u003efc7ddd8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7b03b0fc0b103eaba7732fc5ae54fc86c963839a\"\u003e\u003ccode\u003e7b03b0f\u003c/code\u003e\u003c/a\u003e release: 0.94.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/42ee3dab539d6346505bae13745d34fe91c1946e\"\u003e\u003ccode\u003e42ee3da\u003c/code\u003e\u003c/a\u003e docs: update examples\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/0c8a8c9ec660108666baf96acd4aab08d41027af\"\u003e\u003ccode\u003e0c8a8c9\u003c/code\u003e\u003c/a\u003e fix: ensure file data are only sent as 1 parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/9092064e862fe03afbca1740cbc21d20edcb4984\"\u003e\u003ccode\u003e9092064\u003c/code\u003e\u003c/a\u003e feat: vertex eu region (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1658\"\u003e#1658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/25b6c31ca04c107c9b31d61e13ad69a1598ff65f\"\u003e\u003ccode\u003e25b6c31\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/717f90bf95b0dd3e1fefb2df06c022f16a03ee96\"\u003e\u003ccode\u003e717f90b\u003c/code\u003e\u003c/a\u003e release: 0.93.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/c10155947d844c7545b533bb62748e4381d5d7c5\"\u003e\u003ccode\u003ec101559\u003c/code\u003e\u003c/a\u003e feat(api): Add beta advisor tool\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/5a290a8defab65e68d240116cbefa85987253946\"\u003e\u003ccode\u003e5a290a8\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/c2cc6f9947fb89afd9c11cbc178631209dd2fba5\"\u003e\u003ccode\u003ec2cc6f9\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/90cd200895a7625481e6edc4696704e37b6d7dfd\"\u003e\u003ccode\u003e90cd200\u003c/code\u003e\u003c/a\u003e release: 0.92.0 (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1348\"\u003e#1348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.84.0...v0.94.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.1.4 to 2026.2.25\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/8571a4ba5205675107f9026d0008ad2d7a2778bf\"\u003e\u003ccode\u003e8571a4b\u003c/code\u003e\u003c/a\u003e 2026.02.25 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/6f7de00579d292af565bbb8a947643219794eb6d\"\u003e\u003ccode\u003e6f7de00\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/a1de59b15105cad768afed4f066b36171134f04a\"\u003e\u003ccode\u003ea1de59b\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/7f5ade5d8da615fd366e8de6a668271251c45d34\"\u003e\u003ccode\u003e7f5ade5\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 6.1.0 to 6.2.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/392\"\u003e#392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.01.04...2026.02.25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `charset-normalizer` from 3.4.4 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/releases\"\u003echarset-normalizer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.4.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\u003cbr /\u003e\nmypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/714\"\u003ejawah/charset_normalizer#714\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md\"\u003echarset-normalizer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/0f07891bf516b5d5231f1bd4dd2d8da7d4d09a9a\"\u003e\u003ccode\u003e0f07891\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/729\"\u003e#729\u003c/a\u003e from jawah/release-3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/fdbeb299479e8f4d737e4d227cd0b2bd5d273dc0\"\u003e\u003ccode\u003efdbeb29\u003c/code\u003e\u003c/a\u003e chore: update dev, and ci requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b66f922bfbdbdd9dd46af18a8964d4fb888756d4\"\u003e\u003ccode\u003eb66f922\u003c/code\u003e\u003c/a\u003e chore: add ft classifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/f94249d0a2c712f2d03124f4de6b77f5e03aaa96\"\u003e\u003ccode\u003ef94249d\u003c/code\u003e\u003c/a\u003e chore: add test cases for utf_7 recent fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/95c866f6c984bbd043e7e3ed0628aa4f3f8d5a26\"\u003e\u003ccode\u003e95c866f\u003c/code\u003e\u003c/a\u003e chore: bump version to 3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/4f429bb764c7e893f99bb4bceb60856da1baacfb\"\u003e\u003ccode\u003e4f429bb\u003c/code\u003e\u003c/a\u003e chore: bump mypy pre-commit to v1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b579cd6cab9bd83aa3fc0ca169d4df022bf4888c\"\u003e\u003ccode\u003eb579cd6\u003c/code\u003e\u003c/a\u003e fix: correctly remove SIG remnant in utf-7 decoded string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/58bf944a77cc0883fc46a6ee8edac3549fea5d59\"\u003e\u003ccode\u003e58bf944\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump github/codeql-action from 4.32.4 to 4.35.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/44cf8a1b676a2532a8f1694e62e4f4f98f9132e1\"\u003e\u003ccode\u003e44cf8a1\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/362bc20073f737b1ba4ca2f68cffb0c4cc024d20\"\u003e\u003ccode\u003e362bc20\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3084\"\u003e#3084\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3152\"\u003e#3152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3136\"\u003e#3136\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3199\"\u003e#3199\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3202\"\u003e#3202\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3209\"\u003e#3209\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3212\"\u003e#3212\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2991\"\u003e#2991\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2993\"\u003e#2993\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3110\"\u003e#3110\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3140\"\u003e#3140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3121\"\u003e#3121\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3201\"\u003e#3201\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3213\"\u003e#3213\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n:issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e2991\u003c/code\u003e :issue:\u003ccode\u003e2993\u003c/code\u003e :issue:\u003ccode\u003e3110\u003c/code\u003e :pr:\u003ccode\u003e3139\u003c/code\u003e :pr:\u003ccode\u003e3140\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. :pr:\u003ccode\u003e3139\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. :issue:\u003ccode\u003e3121\u003c/code\u003e :pr:\u003ccode\u003e3201\u003c/code\u003e :pr:\u003ccode\u003e3213\u003c/code\u003e :pr:\u003ccode\u003e3225\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/052c006033729bbb422cbdad0c4fee988ecb5aa5\"\u003e\u003ccode\u003e052c006\u003c/code\u003e\u003c/a\u003e Change update release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/502b7ce7b131473ef00a3586e60bb000f33b4c43\"\u003e\u003ccode\u003e502b7ce\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' of \u003ca href=\"https://github.com/pallets/click\"\u003ehttps://github.com/pallets/click\u003c/a\u003e into release-8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a0a37e411820861d48e21b131fdd840abaf746e0\"\u003e\u003ccode\u003ea0a37e4\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3301\"\u003e#3301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/57be6fc2b40eb40279d022e6aabc983ee0dfb7a9\"\u003e\u003ccode\u003e57be6fc\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/781d6a88bdd30229e72a84cd6753b0235f339679\"\u003e\u003ccode\u003e781d6a8\u003c/code\u003e\u003c/a\u003e Update publish workflows (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ff795b66ba945239c779b528171f5fe4536cf844\"\u003e\u003ccode\u003eff795b6\u003c/code\u003e\u003c/a\u003e Update precommit pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dd87ef4f9fa7d6f13e14885e9a6842a21ededebc\"\u003e\u003ccode\u003edd87ef4\u003c/code\u003e\u003c/a\u003e Update github action pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/93d3f9d22e90035bc2b51c2183c15bd4a021376f\"\u003e\u003ccode\u003e93d3f9d\u003c/code\u003e\u003c/a\u003e Release version 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3299ba1a8a5de34b24a7226a683a837d8a0857e7\"\u003e\u003ccode\u003e3299ba1\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b7f62c4d002e5b5bca3ebef6b995b7338740fe6f\"\u003e\u003ccode\u003eb7f62c4\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.129.2 to 0.135.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15280\"\u003e#15280\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eNew docs: \u003ca href=\"https://fastapi.tiangolo.com/advanced/vibe/\"\u003eVibe Coding\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✏️ Fix typo for \u003ccode\u003eclient_secret\u003c/code\u003e in OAuth2 form docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14946\"\u003e#14946\u003c/a\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👥 Update FastAPI People - Experts. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15279\"\u003e#15279\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump orjson from 3.11.7 to 3.11.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15276\"\u003e#15276\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.0 to 0.15.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15277\"\u003e#15277\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI GitHub topic repositories. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15274\"\u003e#15274\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15267\"\u003e#15267\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI People - Contributors and Translators. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15270\"\u003e#15270\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump requests from 2.32.5 to 2.33.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15228\"\u003e#15228\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Add ty check to \u003ccode\u003elint.sh\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15136\"\u003e#15136\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.2\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Increase lower bound to \u003ccode\u003epydantic \u0026gt;=2.9.0.\u003c/code\u003e and fix the test suite. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15139\"\u003e#15139\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add missing last release notes dates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15202\"\u003e#15202\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs for contributors and team members regarding translation PRs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15200\"\u003e#15200\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15094\"\u003e#15094\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix duplicated words in docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15116\"\u003e#15116\u003c/a\u003e by \u003ca href=\"https://github.com/AhsanSheraz\"\u003e\u003ccode\u003e@​AhsanSheraz\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs for \u003ccode\u003epyproject.toml\u003c/code\u003e with \u003ccode\u003eentrypoint\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15075\"\u003e#15075\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update links in docs to no longer use the classes external-link and internal-link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15061\"\u003e#15061\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add JS and CSS handling for automatic \u003ccode\u003etarget=_blank\u003c/code\u003e for links in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15063\"\u003e#15063\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Update styles for internal and external links in new tab. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15058\"\u003e#15058\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝  Add documentation for the FastAPI VS Code extension. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15008\"\u003e#15008\u003c/a\u003e by \u003ca href=\"https://github.com/savannahostrowski\"\u003e\u003ccode\u003e@​savannahostrowski\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix doctrings for \u003ccode\u003emax_digits\u003c/code\u003e and \u003ccode\u003edecimal_places\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14944\"\u003e#14944\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15001\"\u003e#15001\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15177\"\u003e#15177\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15178\"\u003e#15178\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15176\"\u003e#15176\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15175\"\u003e#15175\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15171\"\u003e#15171\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15170\"\u003e#15170\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15172\"\u003e#15172\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15168\"\u003e#15168\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/1f442c454f2f74c7419f83c203e6333955399528\"\u003e\u003ccode\u003e1f442c4\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.135.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/8f5d1577b471f389f6cdea878d40a1497fda7746\"\u003e\u003ccode\u003e8f5d157\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428452a710338334ae11043a48b06d52d9b3edba\"\u003e\u003ccode\u003e428452a\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/70580da818722cce68b7a88928d67bd0f64f42c5\"\u003e\u003ccode\u003e70580da\u003c/code\u003e\u003c/a\u003e ✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15280\"\u003e#15280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6ee87478d821171139264cd9cd17cbd2232934ce\"\u003e\u003ccode\u003e6ee8747\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3e72c09a2abfe9e1b55eede6a297cb1847126e49\"\u003e\u003ccode\u003e3e72c09\u003c/code\u003e\u003c/a\u003e 👥 Update FastAPI People - Experts (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15279\"\u003e#15279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/96df35f7a4337d612811483d8ade74f91cce2d61\"\u003e\u003ccode\u003e96df35f\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6c8112555bd86f21cfee8500140dca094ad26e20\"\u003e\u003ccode\u003e6c81125\u003c/code\u003e\u003c/a\u003e ⬆ Bump orjson from 3.11.7 to 3.11.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15276\"\u003e#15276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428f82c93616b52aee2fcee03484a855135c07e5\"\u003e\u003ccode\u003e428f82c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/5599c59b9e7112109f04b63a58034fb95833f514\"\u003e\u003ccode\u003e5599c59\u003c/code\u003e\u003c/a\u003e ⬆ Bump ruff from 0.15.0 to 0.15.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15277\"\u003e#15277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.129.2...0.135.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.24.2 to 3.25.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.25.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/513\"\u003etox-dev/filelock#513\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.25.1...3.25.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.25.1...3.25.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.25.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/507\"\u003etox-dev/filelock#507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/511\"\u003etox-dev/filelock#511\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.25.0...3.25.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.25.0...3.25.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.25.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to check workflow by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/500\"\u003etox-dev/filelock#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/501\"\u003etox-dev/filelock#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/504\"\u003etox-dev/filelock#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/506\"\u003etox-dev/filelock#506\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.24.4...3.25.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.24.4...3.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.24.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress ValueError in _try_break_stale_lock for corrupted lock files by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/496\"\u003etox-dev/filelock#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix ValueError in _acquire_transaction_lock when blocking=False with timeout by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/498\"\u003etox-dev/filelock#498\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/496\"\u003etox-dev/filelock#496\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.24.3...3.24.4\"\u003ehttps://github.com/tox-dev/filelock/compare/3.24.3...3.24.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.24.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/492\"\u003etox-dev/filelock#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/495\"\u003etox-dev/filelock#495\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.26.1 (2026-04-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(asyncio): add \u003cstrong\u003eexit\u003c/strong\u003e to BaseAsyncFileLock and fix \u003cstrong\u003edel\u003c/strong\u003e loop handling :pr:\u003ccode\u003e518\u003c/code\u003e - by :user:\u003ccode\u003enaarob\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:\u003ccode\u003e525\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.26.0 (2026-04-06)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(soft): add PID inspection and lock breaking :pr:\u003ccode\u003e524\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e523\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 :pr:\u003ccode\u003e522\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove persist-credentials: false from release job :pr:\u003ccode\u003e520\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e519\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒 ci(workflows): add zizmor security auditing :pr:\u003ccode\u003e517\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e516\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e514\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.2 (2026-03-11)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:\u003ccode\u003e513\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.1 (2026-03-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e510\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release :pr:\u003ccode\u003e511\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e508\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo :pr:\u003ccode\u003e507\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/5b9872c523b20db569d8832da4fb640e9c175ce6\"\u003e\u003ccode\u003e5b9872c\u003c/code\u003e\u003c/a\u003e Release 3.25.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/42b740aa076e81332402a16244c7cea60ac78851\"\u003e\u003ccode\u003e42b740a\u003c/code\u003e\u003c/a\u003e 🐛 fix(unix): suppress EIO on close in Docker bind mounts (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/513\"\u003e#513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/d8b04b5018932f53b3d2743fadac507dd616af5c\"\u003e\u003ccode\u003ed8b04b5\u003c/code\u003e\u003c/a\u003e Release 3.25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0633386072b71dfd27c6799323aecca45fb6a094\"\u003e\u003ccode\u003e0633386\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/510\"\u003e#510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/7f2247d81bc8eab802821cd40437a61c40368d17\"\u003e\u003ccode\u003e7f2247d\u003c/code\u003e\u003c/a\u003e 🐛 fix(win): restore best-effort lock file cleanup on release (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/511\"\u003e#511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/5ae1c4e36548fc0ff6e24a26cb4187b65f2cdccb\"\u003e\u003ccode\u003e5ae1c4e\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/bcffcfea7a8f616968e7cc45c047cc0d4142a064\"\u003e\u003ccode\u003ebcffcfe\u003c/code\u003e\u003c/a\u003e 📝 docs(logo): add branded project logo (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/507\"\u003e#507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/7f195d9f06e8a96ac7226133a56df41571782183\"\u003e\u003ccode\u003e7f195d9\u003c/code\u003e\u003c/a\u003e Release 3.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/df2754eb4ea2e6e8b7d6fb54896d17163dcd2745\"\u003e\u003ccode\u003edf2754e\u003c/code\u003e\u003c/a\u003e ✨ feat(async): add AsyncReadWriteLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/506\"\u003e#506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8a359c54746ae8252b27b0198c125b741908d88e\"\u003e\u003ccode\u003e8a359c5\u003c/code\u003e\u003c/a\u003e Standardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.24.2...3.25.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fsspec` from 2026.2.0 to 2026.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/49e6189b2cd8ee95b9357bff6a5671ea3b32c2ca\"\u003e\u003ccode\u003e49e6189\u003c/code\u003e\u003c/a\u003e changelog (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2005\"\u003e#2005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e73753a3c9086398a54942d26f7bc4a7232ac336\"\u003e\u003ccode\u003ee73753a\u003c/code\u003e\u003c/a\u003e Remove the deprecated 'pyxet' from the list of libraries (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2001\"\u003e#2001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/4bd065327f496fac714c9891111bc67c8d8cceae\"\u003e\u003ccode\u003e4bd0653\u003c/code\u003e\u003c/a\u003e conf should attempt types (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/463a1f08b52e2637728a28e1371577e8ea21496d\"\u003e\u003ccode\u003e463a1f0\u003c/code\u003e\u003c/a\u003e fix: allow withdirs parameter in glob for AbstractFileSystem (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1998\"\u003e#1998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/19e3cfe92b1bad9f759b4a399c3fbbb518e92455\"\u003e\u003ccode\u003e19e3cfe\u003c/code\u003e\u003c/a\u003e Fix typos (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2003\"\u003e#2003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/90bcbba391bddef400dde62e03c2eea9a2bdbd3d\"\u003e\u003ccode\u003e90bcbba\u003c/code\u003e\u003c/a\u003e fix typo in async docs: 'is' -\u0026gt; 'if' (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1992\"\u003e#1992\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/846c9aa2e1eefe976f4c61bd954e7683ae9e7bb2\"\u003e\u003ccode\u003e846c9aa\u003c/code\u003e\u003c/a\u003e Apply \u003ccode\u003elru_cache\u003c/code\u003e manually per \u003ccode\u003eLazyReferenceMapper\u003c/code\u003e instance (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1985\"\u003e#1985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/fa850c13440b9a649b41afce8f0f4ecca73f9d73\"\u003e\u003ccode\u003efa850c1\u003c/code\u003e\u003c/a\u003e fix putting multiple files using SFTP (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/1991\"\u003e#1991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fsspec/filesystem_spec/compare/2026.2.0...2026.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-auth-httplib2` from 0.3.0 to 0.3.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/4e80530190d3e3d7d0dec26b8daf97c2db15c2df\"\u003e\u003ccode\u003e4e80530\u003c/code\u003e\u003c/a\u003e chore: create a release (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16193\"\u003e#16193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/0f8d933cfeca182e00eb589da2ab0df61579c6f1\"\u003e\u003ccode\u003e0f8d933\u003c/code\u003e\u003c/a\u003e chore: add gapic-generator integration test presubmit (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16465\"\u003e#16465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/ab44f7e4224b554e9365aafbd4ecb559ed975aa6\"\u003e\u003ccode\u003eab44f7e\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency requests to v2.33.0 [security] (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16464\"\u003e#16464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/943a979f14b1f39608cdb2658823f087a599e418\"\u003e\u003ccode\u003e943a979\u003c/code\u003e\u003c/a\u003e chore(migration): Migrate code from googleapis/sphinx-docfx-yaml into package...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/8c6703da295ed30200bb38f637b745b64f34d690\"\u003e\u003ccode\u003e8c6703d\u003c/code\u003e\u003c/a\u003e chore(migration): Migrate code from googleapis/gapic-generator-python into pa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/e3731d58d5371f166e75742e257e2524d21e83cb\"\u003e\u003ccode\u003ee3731d5\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into migration.gapic-generator-python.migration.2026-03-2...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/20f57241d9f690abc31c1a19ee5a0d33c667f300\"\u003e\u003ccode\u003e20f5724\u003c/code\u003e\u003c/a\u003e Trigger CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/76a8b58e1f73328243ff838a4652bdcc4ead31b5\"\u003e\u003ccode\u003e76a8b58\u003c/code\u003e\u003c/a\u003e chore: skip spanner django presubmits using dorny filter (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16196\"\u003e#16196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/7a05a34dc0d4bd9ded9ab3ce97b5e61f2780e081\"\u003e\u003ccode\u003e7a05a34\u003c/code\u003e\u003c/a\u003e chore: create a release (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16191\"\u003e#16191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/46ee8a094fdb121f49fa600f91d1b8c0818a9253\"\u003e\u003ccode\u003e46ee8a0\u003c/code\u003e\u003c/a\u003e fix presubmit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/google-auth-httplib2-v0.3.0...google-auth-httplib2-v0.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-auth` from 2.48.0 to 2.49.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-python/releases\"\u003egoogle-auth's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.49.0.dev0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-python/compare/v2.48.0...v2.49.0-dev0\"\u003e2.49.0-dev0\u003c/a\u003e (2026-01-26)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eremove deprecated rsa dependency (\u003ca href=\"https://github.com/googleapis/google-auth-library-python/commit/e98cf69284d3620619a70b54fb0b9533caf11878\"\u003ee98cf69284d3620619a70b54fb0b9533caf11878\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md\"\u003egoogle-auth's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://pypi.org/project/google-auth/#history\"\u003ePyPI History\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/googleapis/google-auth-library-python/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.3.2 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.4.0 (2026-04-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eP...\n\n_Description has been truncated_","html_url":"https://github.com/Pha6ha007/proof-sales-platform/pull/19","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pha6ha007%2Fproof-sales-platform/issues/19","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/19/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-04-13T04:39:43.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4251309235","node_id":"PR_kwDORju0hs7R3e9j","number":25,"state":"closed","title":"Bump the pip-dependencies group across 1 directory with 26 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-20T04:39:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-13T04:39:43.000Z","updated_at":"2026-04-20T04:39:09.000Z","time_to_close":604764,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip-dependencies","update_count":26,"packages":[{"name":"alembic","old_version":"1.14.0","new_version":"1.18.4","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"click","old_version":"8.3.1","new_version":"8.3.2","repository_url":"https://github.com/pallets/click"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"email-validator","old_version":"2.2.0","new_version":"2.3.0","repository_url":"https://github.com/JoshData/python-email-validator"},{"name":"fastapi","old_version":"0.115.0","new_version":"0.135.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"greenlet","old_version":"3.3.2","new_version":"3.4.0","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"psycopg2-binary","old_version":"2.9.10","new_version":"2.9.11","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic-settings","old_version":"2.6.1","new_version":"2.13.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.45.0","repository_url":"https://github.com/pydantic/pydantic-core"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-jose","old_version":"3.3.0","new_version":"3.5.0","repository_url":"https://github.com/mpdavis/python-jose"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"sqlalchemy","old_version":"2.0.36","new_version":"2.0.49","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"starlette","old_version":"0.38.6","new_version":"1.0.0","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.30.6","new_version":"0.44.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"celery","old_version":"5.4.0","new_version":"5.6.3","repository_url":"https://github.com/celery/celery"},{"name":"redis","old_version":"5.2.0","new_version":"7.4.0","repository_url":"https://github.com/redis/redis-py"},{"name":"kombu","old_version":"5.3.4","new_version":"5.6.2","repository_url":"https://github.com/celery/kombu"},{"name":"hdbscan","old_version":"0.8.41","new_version":"0.8.42","repository_url":"https://github.com/scikit-learn-contrib/hdbscan"},{"name":"torch","old_version":"2.7.1+cpu","new_version":"2.11.0+cpu"},{"name":"sentence-transformers","old_version":"5.2.3","new_version":"5.4.0","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"transformers","old_version":"5.3.0","new_version":"5.5.3","repository_url":"https://github.com/huggingface/transformers"},{"name":"numpy","old_version":"2.4.3","new_version":"2.4.4","repository_url":"https://github.com/numpy/numpy"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-dependencies group with 26 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [alembic](https://github.com/sqlalchemy/alembic) | `1.14.0` | `1.18.4` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.2` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [email-validator](https://github.com/JoshData/python-email-validator) | `2.2.0` | `2.3.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.115.0` | `0.135.3` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.4.0` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.10` | `2.9.11` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.6.1` | `2.13.1` |\n| [pydantic-core](https://github.com/pydantic/pydantic-core) | `2.41.5` | `2.45.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.5.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.26` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.36` | `2.0.49` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `1.0.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.30.6` | `0.44.0` |\n| [celery](https://github.com/celery/celery) | `5.4.0` | `5.6.3` |\n| [redis](https://github.com/redis/redis-py) | `5.2.0` | `7.4.0` |\n| [kombu](https://github.com/celery/kombu) | `5.3.4` | `5.6.2` |\n| [hdbscan](https://github.com/scikit-learn-contrib/hdbscan) | `0.8.41` | `0.8.42` |\n| torch | `2.7.1+cpu` | `2.11.0+cpu` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.2.3` | `5.4.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.3.0` | `5.5.3` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.3` | `2.4.4` |\n\n\nUpdates `alembic` from 1.14.0 to 1.18.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.4\u003c/h1\u003e\n\u003cp\u003eReleased: February 10, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [operations]\u003c/strong\u003e Reverted the behavior of \u003ccode\u003eOperations.add_column()\u003c/code\u003e that would\nautomatically render the \u0026quot;PRIMARY KEY\u0026quot; keyword inline when a\n\u003ccode\u003eColumn\u003c/code\u003e with \u003ccode\u003eprimary_key=True\u003c/code\u003e is added. The automatic\nbehavior, added in version 1.18.2, is now opt-in via the new\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter. This\nchange restores the ability to render a PostgreSQL SERIAL column, which is\nrequired to be \u003ccode\u003eprimary_key=True\u003c/code\u003e, while not impacting the ability to\nrender a separate primary key constraint. This also provides consistency\nwith the \u003ccode\u003eOperations.add_column.inline_references\u003c/code\u003e parameter and\ngives users explicit control over SQL generation.\u003c/p\u003e\n\u003cp\u003eTo render PRIMARY KEY inline, use the\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter set to\n\u003ccode\u003eTrue\u003c/code\u003e:\u003c/p\u003e\n\u003cp\u003eop.add_column(\n\u0026quot;my_table\u0026quot;,\nColumn(\u0026quot;id\u0026quot;, Integer, primary_key=True),\ninline_primary_key=True\n)References: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1232\"\u003e#1232\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.18.3\u003c/h1\u003e\n\u003cp\u003eReleased: January 29, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [autogenerate]\u003c/strong\u003e Fixed regression in version 1.18.0 due to \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e where autogenerate\nwould raise \u003ccode\u003eNoReferencedTableError\u003c/code\u003e when a foreign key constraint\nreferenced a table that was not part of the initial table load, including\ntables filtered out by the\n\u003ccode\u003eEnvironmentContext.configure.include_name\u003c/code\u003e callable or tables\nin remote schemas that were not included in the initial reflection run.\u003c/p\u003e\n\u003cp\u003eThe change in \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e was a performance optimization that eliminated\nadditional reflection queries for tables that were only referenced by\nforeign keys but not explicitly included in the main reflection run.\nHowever, this optimization inadvertently removed the creation of\n\u003ccode\u003eTable\u003c/code\u003e objects for these referenced tables, causing autogenerate\nto fail when processing foreign key constraints that pointed to them.\u003c/p\u003e\n\u003cp\u003eThe fix creates placeholder \u003ccode\u003eTable\u003c/code\u003e objects for foreign key targets\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3084\"\u003e#3084\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3152\"\u003e#3152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3136\"\u003e#3136\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3199\"\u003e#3199\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3202\"\u003e#3202\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3209\"\u003e#3209\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3212\"\u003e#3212\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2991\"\u003e#2991\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2993\"\u003e#2993\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3110\"\u003e#3110\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3140\"\u003e#3140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3121\"\u003e#3121\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3201\"\u003e#3201\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3213\"\u003e#3213\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n:issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e2991\u003c/code\u003e :issue:\u003ccode\u003e2993\u003c/code\u003e :issue:\u003ccode\u003e3110\u003c/code\u003e :pr:\u003ccode\u003e3139\u003c/code\u003e :pr:\u003ccode\u003e3140\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. :pr:\u003ccode\u003e3139\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. :issue:\u003ccode\u003e3121\u003c/code\u003e :pr:\u003ccode\u003e3201\u003c/code\u003e :pr:\u003ccode\u003e3213\u003c/code\u003e :pr:\u003ccode\u003e3225\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/052c006033729bbb422cbdad0c4fee988ecb5aa5\"\u003e\u003ccode\u003e052c006\u003c/code\u003e\u003c/a\u003e Change update release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/502b7ce7b131473ef00a3586e60bb000f33b4c43\"\u003e\u003ccode\u003e502b7ce\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' of \u003ca href=\"https://github.com/pallets/click\"\u003ehttps://github.com/pallets/click\u003c/a\u003e into release-8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a0a37e411820861d48e21b131fdd840abaf746e0\"\u003e\u003ccode\u003ea0a37e4\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3301\"\u003e#3301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/57be6fc2b40eb40279d022e6aabc983ee0dfb7a9\"\u003e\u003ccode\u003e57be6fc\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/781d6a88bdd30229e72a84cd6753b0235f339679\"\u003e\u003ccode\u003e781d6a8\u003c/code\u003e\u003c/a\u003e Update publish workflows (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ff795b66ba945239c779b528171f5fe4536cf844\"\u003e\u003ccode\u003eff795b6\u003c/code\u003e\u003c/a\u003e Update precommit pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dd87ef4f9fa7d6f13e14885e9a6842a21ededebc\"\u003e\u003ccode\u003edd87ef4\u003c/code\u003e\u003c/a\u003e Update github action pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/93d3f9d22e90035bc2b51c2183c15bd4a021376f\"\u003e\u003ccode\u003e93d3f9d\u003c/code\u003e\u003c/a\u003e Release version 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3299ba1a8a5de34b24a7226a683a837d8a0857e7\"\u003e\u003ccode\u003e3299ba1\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b7f62c4d002e5b5bca3ebef6b995b7338740fe6f\"\u003e\u003ccode\u003eb7f62c4\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `email-validator` from 2.2.0 to 2.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/releases\"\u003eemail-validator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md\"\u003eemail-validator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.0 (August 26, 2025)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/030a63a183a6a66450e98381ca9a23ab9769706a\"\u003e\u003ccode\u003e030a63a\u003c/code\u003e\u003c/a\u003e Version 2.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/e943a0f07f5c130b4a419e0cd79f705f36bf24fe\"\u003e\u003ccode\u003ee943a0f\u003c/code\u003e\u003c/a\u003e Raise TypeError when an invalid argument is passed for email, closes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/155\"\u003e#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/f90d256045dc1ccbcffd5514189267d14a9e3ea1\"\u003e\u003ccode\u003ef90d256\u003c/code\u003e\u003c/a\u003e Remove local part length check unless new strict flag is given, fixes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/158\"\u003e#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/98800bac023b8713351393a5043034065f1ea6cb\"\u003e\u003ccode\u003e98800ba\u003c/code\u003e\u003c/a\u003e Add explicit checks for internationalized domain name characters invalid unde...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/936aead3bf5c608f8561954e0d2955b7f97bfdad\"\u003e\u003ccode\u003e936aead\u003c/code\u003e\u003c/a\u003e Fix final syntax checks on normalized internationalized domains checking the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/8043de49596f08d54a07e2bc7c442ced074216a6\"\u003e\u003ccode\u003e8043de4\u003c/code\u003e\u003c/a\u003e NFC-normalize display names per UTS \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/39\"\u003e#39\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/bc08faa2a74b51a9e7ba7ff4f995c0b475cb5b12\"\u003e\u003ccode\u003ebc08faa\u003c/code\u003e\u003c/a\u003e Add one-off error messages for full-width-at and small-commercial-at which ar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/a1c90ab58fb0f5d969a8351a68ca15bff068527c\"\u003e\u003ccode\u003ea1c90ab\u003c/code\u003e\u003c/a\u003e Split exceptions_types.py into exceptions.py and types.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/dbcf07cc5c8066c14b6dc58d2dbb4a1e582eeefd\"\u003e\u003ccode\u003edbcf07c\u003c/code\u003e\u003c/a\u003e Change package name from using underscore to dash to match PyPi normalized pa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/7c22208ee5b82c377e960ddcea5293691eadc6cc\"\u003e\u003ccode\u003e7c22208\u003c/code\u003e\u003c/a\u003e Support ALLOW_DISPLAY_NAME and ALLOW_EMPTY_LOCAL in the CLI (\u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/JoshData/python-email-validator/compare/v2.2.0...v2.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.115.0 to 0.135.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15280\"\u003e#15280\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eNew docs: \u003ca href=\"https://fastapi.tiangolo.com/advanced/vibe/\"\u003eVibe Coding\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✏️ Fix typo for \u003ccode\u003eclient_secret\u003c/code\u003e in OAuth2 form docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14946\"\u003e#14946\u003c/a\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👥 Update FastAPI People - Experts. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15279\"\u003e#15279\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump orjson from 3.11.7 to 3.11.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15276\"\u003e#15276\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.0 to 0.15.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15277\"\u003e#15277\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI GitHub topic repositories. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15274\"\u003e#15274\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15267\"\u003e#15267\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI People - Contributors and Translators. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15270\"\u003e#15270\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump requests from 2.32.5 to 2.33.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15228\"\u003e#15228\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Add ty check to \u003ccode\u003elint.sh\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15136\"\u003e#15136\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.2\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Increase lower bound to \u003ccode\u003epydantic \u0026gt;=2.9.0.\u003c/code\u003e and fix the test suite. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15139\"\u003e#15139\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add missing last release notes dates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15202\"\u003e#15202\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs for contributors and team members regarding translation PRs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15200\"\u003e#15200\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15094\"\u003e#15094\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix duplicated words in docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15116\"\u003e#15116\u003c/a\u003e by \u003ca href=\"https://github.com/AhsanSheraz\"\u003e\u003ccode\u003e@​AhsanSheraz\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs for \u003ccode\u003epyproject.toml\u003c/code\u003e with \u003ccode\u003eentrypoint\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15075\"\u003e#15075\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update links in docs to no longer use the classes external-link and internal-link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15061\"\u003e#15061\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add JS and CSS handling for automatic \u003ccode\u003etarget=_blank\u003c/code\u003e for links in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15063\"\u003e#15063\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Update styles for internal and external links in new tab. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15058\"\u003e#15058\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝  Add documentation for the FastAPI VS Code extension. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15008\"\u003e#15008\u003c/a\u003e by \u003ca href=\"https://github.com/savannahostrowski\"\u003e\u003ccode\u003e@​savannahostrowski\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix doctrings for \u003ccode\u003emax_digits\u003c/code\u003e and \u003ccode\u003edecimal_places\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14944\"\u003e#14944\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15001\"\u003e#15001\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15177\"\u003e#15177\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15178\"\u003e#15178\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15176\"\u003e#15176\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15175\"\u003e#15175\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15171\"\u003e#15171\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15170\"\u003e#15170\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15172\"\u003e#15172\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15168\"\u003e#15168\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/1f442c454f2f74c7419f83c203e6333955399528\"\u003e\u003ccode\u003e1f442c4\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.135.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/8f5d1577b471f389f6cdea878d40a1497fda7746\"\u003e\u003ccode\u003e8f5d157\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428452a710338334ae11043a48b06d52d9b3edba\"\u003e\u003ccode\u003e428452a\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/70580da818722cce68b7a88928d67bd0f64f42c5\"\u003e\u003ccode\u003e70580da\u003c/code\u003e\u003c/a\u003e ✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15280\"\u003e#15280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6ee87478d821171139264cd9cd17cbd2232934ce\"\u003e\u003ccode\u003e6ee8747\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3e72c09a2abfe9e1b55eede6a297cb1847126e49\"\u003e\u003ccode\u003e3e72c09\u003c/code\u003e\u003c/a\u003e 👥 Update FastAPI People - Experts (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15279\"\u003e#15279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/96df35f7a4337d612811483d8ade74f91cce2d61\"\u003e\u003ccode\u003e96df35f\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6c8112555bd86f21cfee8500140dca094ad26e20\"\u003e\u003ccode\u003e6c81125\u003c/code\u003e\u003c/a\u003e ⬆ Bump orjson from 3.11.7 to 3.11.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15276\"\u003e#15276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428f82c93616b52aee2fcee03484a855135c07e5\"\u003e\u003ccode\u003e428f82c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/5599c59b9e7112109f04b63a58034fb95833f514\"\u003e\u003ccode\u003e5599c59\u003c/code\u003e\u003c/a\u003e ⬆ Bump ruff from 0.15.0 to 0.15.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15277\"\u003e#15277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.115.0...0.135.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.3.2 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.4.0 (2026-04-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePublish binary wheels for RiscV 64.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix multiple rare crash paths during interpreter shutdown.\u003c/p\u003e\n\u003cp\u003eNote that this now relies on the \u003ccode\u003eatexit\u003c/code\u003e module, and introduces\nsubtle API changes during interpreter shutdown (for example,\n\u003ccode\u003egetcurrent\u003c/code\u003e is no longer available once the \u003ccode\u003eatexit\u003c/code\u003e callback fires).\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR [#499](https://github.com/python-greenlet/greenlet/issues/499) \u0026lt;https://github.com/python-greenlet/greenlet/pull/499\u0026gt;\u003c/code\u003e_ by Nicolas\nBouvrette.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress the results of an automated code audit performed by\nDaniel Diniz. This includes several minor correctness changes that\ntheoretically could have been crashing bugs, but typically only in\nvery rare circumstances.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR 502 \u0026lt;https://github.com/python-greenlet/greenlet/pull/502\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix several race conditions that could arise in free-threaded\nbuilds when using greenlet objects from multiple threads, some of\nwhich could lead to assertion failures or interpreter crashes.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003eissue 503 \u0026lt;https://github.com/python-greenlet/greenlet/issues/503\u0026gt;\u003c/code\u003e_, with\nthanks to Nitay Dariel and Daniel Diniz.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/df6734edbef6a0e54ecc4ba4735d93ae6d721095\"\u003e\u003ccode\u003edf6734e\u003c/code\u003e\u003c/a\u003e Preparing release 3.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/0f860756608b767b2ed70f935053b319d1a1b828\"\u003e\u003ccode\u003e0f86075\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/504\"\u003e#504\u003c/a\u003e from python-greenlet/freethreading-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/459657482f3efaee294edff672bde45ac3fac208\"\u003e\u003ccode\u003e4596574\u003c/code\u003e\u003c/a\u003e TLBC: crash appears to still happen on CI 3.14t ubuntu. Re-enable workaround.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/2f4a1cf53fa282ab28ea4815164a9cb09b9320ce\"\u003e\u003ccode\u003e2f4a1cf\u003c/code\u003e\u003c/a\u003e Make green_switch (python level greenlet.switch) and green_throw check for (p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/a0c2a2a7519985d5fe2c034a54f1a0fed82a5905\"\u003e\u003ccode\u003ea0c2a2a\u003c/code\u003e\u003c/a\u003e Fix unused variable warning when asserts are disabled.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/8688581392187d68f35180148fcd6fb4fd9a972f\"\u003e\u003ccode\u003e8688581\u003c/code\u003e\u003c/a\u003e gcc was complaining about an incomplete std::atomic type. make sure we includ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/449c76045b71f7f96c48e8d62672e5382b17cc3d\"\u003e\u003ccode\u003e449c760\u003c/code\u003e\u003c/a\u003e Make MainGreenlet._thread_state atomic; we use it for cross thread checking a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/f840e00dea524c20801bcb4f8764b968590eb6ba\"\u003e\u003ccode\u003ef840e00\u003c/code\u003e\u003c/a\u003e Add critical sections to greenlet attribute accessors.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/6b281d3eca96ec82a87067b2016241296e4c60e9\"\u003e\u003ccode\u003e6b281d3\u003c/code\u003e\u003c/a\u003e test_contextvars: No need for the fallback case where contextvars isn't avail...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/f52615ae64f73b19e53e71cd1e12cbb1841246ff\"\u003e\u003ccode\u003ef52615a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/502\"\u003e#502\u003c/a\u003e from python-greenlet/devdanzin-audit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-greenlet/greenlet/compare/3.3.2...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psycopg2-binary` from 2.9.10 to 2.9.11\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psycopg/psycopg2/blob/master/NEWS\"\u003epsycopg2-binary's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCurrent release\u003c/h2\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.11\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAvoid a segfault passing more arguments than placeholders if Python is built\nwith assertions enabled (:ticket:\u003ccode\u003e[#1791](https://github.com/psycopg/psycopg2/issues/1791)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd riscv64 platform binary packages (:ticket:\u003ccode\u003e[#1813](https://github.com/psycopg/psycopg2/issues/1813)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 18.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.10\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13.\u003c/li\u003e\n\u003cli\u003eReceive notifications on commit (:ticket:\u003ccode\u003e[#1728](https://github.com/psycopg/psycopg2/issues/1728)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 17.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.9\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.6.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.8\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWheel package bundled with PostgreSQL 16 libpq in order to add support for\nrecent features, such as \u003ccode\u003esslcertmode\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.7\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix propagation of exceptions raised during module initialization\n(:ticket:\u003ccode\u003e[#1598](https://github.com/psycopg/psycopg2/issues/1598)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix building when pg_config returns an empty string (:ticket:\u003ccode\u003e[#1599](https://github.com/psycopg/psycopg2/issues/1599)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eWheel package bundled with OpenSSL 1.1.1v.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.6\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/fd9ae8cad2bcfc3e7e9410e7b6f07cda8f4f05ec\"\u003e\u003ccode\u003efd9ae8c\u003c/code\u003e\u003c/a\u003e chore: bump to version 2.9.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d923840546942534f0956d9202f914fd9feac5fd\"\u003e\u003ccode\u003ed923840\u003c/code\u003e\u003c/a\u003e chore: update docs requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d42dc7169d3cd93517e282e9ef5dc2a2b40650a2\"\u003e\u003ccode\u003ed42dc71\u003c/code\u003e\u003c/a\u003e Merge branch 'fix-1791'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4fde6560c32f06ad1304404c9f7f86148dcc4be0\"\u003e\u003ccode\u003e4fde656\u003c/code\u003e\u003c/a\u003e fix: avoid failed assert passing more arguments than placeholders\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/8308c19d6af0d904b313997539ed33415990a74e\"\u003e\u003ccode\u003e8308c19\u003c/code\u003e\u003c/a\u003e fix: drop warning about the use of deprecated PyWeakref_GetObject function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1a1eabf098a3374409bb2ab4b594777b900f396d\"\u003e\u003ccode\u003e1a1eabf\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 7 to 8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/897af8b38beda851d7257dfc525129e37c0ec9e0\"\u003e\u003ccode\u003e897af8b\u003c/code\u003e\u003c/a\u003e build(deps): bump peter-evans/repository-dispatch from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/ceefd305117113ca10e383a626e87ba0796f3638\"\u003e\u003ccode\u003eceefd30\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 4 to 5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4dc585430cabe94cee96c5a9de0265d0f55370f1\"\u003e\u003ccode\u003e4dc5854\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/setup-python from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1945788dcf6172bb1b9328ebc3587ccf0e6a659c\"\u003e\u003ccode\u003e1945788\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg2/issues/1802\"\u003e#1802\u003c/a\u003e from edgarrmondragon/cp314-wheels\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psycopg/psycopg2/compare/2.9.10...2.9.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.2 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.2...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.6.1 to 2.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Deterministic alias selection when using validate_by_name by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/707\"\u003epydantic/pydantic-settings#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd deep merge functionality to config file sources by \u003ca href=\"https://github.com/pmeier\"\u003e\u003ccode\u003e@​pmeier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/698\"\u003epydantic/pydantic-settings#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for AWS Secrets Manager VersionId parameter by \u003ca href=\"https://github.com/jcyamacho\"\u003e\u003ccode\u003e@​jcyamacho\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/708\"\u003epydantic/pydantic-settings#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebugfix: Return \u003ccode\u003eNone\u003c/code\u003e for inaccessible GCP Secret Manager secrets by \u003ca href=\"https://github.com/zaphod72\"\u003e\u003ccode\u003e@​zaphod72\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/712\"\u003epydantic/pydantic-settings#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBugfix for cli_kebab_case=\u0026quot;all\u0026quot; and CliImplicitFlag[bool] by \u003ca href=\"https://github.com/Digity101\"\u003e\u003ccode\u003e@​Digity101\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/702\"\u003epydantic/pydantic-settings#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUnpack type alisases when looking for \u003ccode\u003eNoDecode\u003c/code\u003e by \u003ca href=\"https://github.com/tselepakis\"\u003e\u003ccode\u003e@​tselepakis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/695\"\u003epydantic/pydantic-settings#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCliToggleFlag and CliDualFlag by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/717\"\u003epydantic/pydantic-settings#717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for CLI duplicate enum field values. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/722\"\u003epydantic/pydantic-settings#722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixed load nested config from env by \u003ca href=\"https://github.com/Sube-py\"\u003e\u003ccode\u003e@​Sube-py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/723\"\u003epydantic/pydantic-settings#723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd non-Path files support (for example Traversable) and open files using Path.open method by \u003ca href=\"https://github.com/mahenzon\"\u003e\u003ccode\u003e@​mahenzon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/724\"\u003epydantic/pydantic-settings#724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd one more traversable test by \u003ca href=\"https://github.com/mahenzon\"\u003e\u003ccode\u003e@​mahenzon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/725\"\u003epydantic/pydantic-settings#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI fix fox external list args. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/727\"\u003epydantic/pydantic-settings#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle case-insensitive retrieval in GoogleSecretManagerSettingsSource by \u003ca href=\"https://github.com/ezwiefel\"\u003e\u003ccode\u003e@​ezwiefel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/730\"\u003epydantic/pydantic-settings#730\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI test fixes for help text formatting. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/735\"\u003epydantic/pydantic-settings#735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid conflicts with the \u003ccode\u003eNAME\u003c/code\u003e environment variable in WSL by \u003ca href=\"https://github.com/kzrnm\"\u003e\u003ccode\u003e@​kzrnm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/747\"\u003epydantic/pydantic-settings#747\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: When restoring init kwargs, use deterministic order by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/746\"\u003epydantic/pydantic-settings#746\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd env_prefix_target by \u003ca href=\"https://github.com/kzrnm\"\u003e\u003ccode\u003e@​kzrnm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/749\"\u003epydantic/pydantic-settings#749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003e(default: …)\u003c/code\u003e in the help message for \u003ccode\u003eCliToggleFlag\u003c/code\u003e by \u003ca href=\"https://github.com/kzrnm\"\u003e\u003ccode\u003e@​kzrnm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/740\"\u003epydantic/pydantic-settings#740\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for CLI serialize styles. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/755\"\u003epydantic/pydantic-settings#755\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for overriding default help on CLI internal parser. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/758\"\u003epydantic/pydantic-settings#758\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI format_help method support by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/759\"\u003epydantic/pydantic-settings#759\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(gcp): support SecretVersion annotation for per-field secret versioning by \u003ca href=\"https://github.com/ezwiefel\"\u003e\u003ccode\u003e@​ezwiefel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/763\"\u003epydantic/pydantic-settings#763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003esnake_case_conversion\u003c/code\u003e with \u003ccode\u003eenv_prefix\u003c/code\u003e for Azure Key Vault source by \u003ca href=\"https://github.com/cstarkers\"\u003e\u003ccode\u003e@​cstarkers\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/762\"\u003epydantic/pydantic-settings#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Only override preferred_key when no value was found by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/767\"\u003epydantic/pydantic-settings#767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate deps by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/768\"\u003epydantic/pydantic-settings#768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI coerce numeric types. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/769\"\u003epydantic/pydantic-settings#769\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI Union Discriminator Choices in Help by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/764\"\u003epydantic/pydantic-settings#764\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd nested path support for yaml_config_section (fixes \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/772\"\u003e#772\u003c/a\u003e) by \u003ca href=\"https://github.com/hugo-romero-mm\"\u003e\u003ccode\u003e@​hugo-romero-mm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/773\"\u003epydantic/pydantic-settings#773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.13.0 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/777\"\u003epydantic/pydantic-settings#777\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pmeier\"\u003e\u003ccode\u003e@​pmeier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/698\"\u003epydantic/pydantic-settings#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jcyamacho\"\u003e\u003ccode\u003e@​jcyamacho\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/708\"\u003epydantic/pydantic-settings#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zaphod72\"\u003e\u003ccode\u003e@​zaphod72\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/712\"\u003epydantic/pydantic-settings#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Digity101\"\u003e\u003ccode\u003e@​Digity101\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/702\"\u003epydantic/pydantic-settings#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Sube-py\"\u003e\u003ccode\u003e@​Sube-py\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/723\"\u003epydantic/pydantic-settings#723\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mahenzon\"\u003e\u003ccode\u003e@​mahenzon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/724\"\u003epydantic/pydantic-settings#724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kzrnm\"\u003e\u003ccode\u003e@​kzrnm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/747\"\u003epydantic/pydantic-settings#747\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cstarkers\"\u003e\u003ccode\u003e@​cstarkers\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/762\"\u003epydantic/pydantic-settings#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hugo-romero-mm\"\u003e\u003ccode\u003e@​hugo-romero-mm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/773\"\u003epydantic/pydantic-settings#773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.12.0...v2.13.0\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.12.0...v2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.12.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for enum kebab case. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/686\"\u003epydantic/pydantic-settings#686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply source order: init \u0026gt; env \u0026gt; dotenv \u0026gt; secrets \u0026gt; defaults and pres… by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/688\"\u003epydantic/pydantic-settings#688\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd NestedSecretsSettings source by \u003ca href=\"https://github.com/makukha\"\u003e\u003ccode\u003e@​makukha\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/690\"\u003epydantic/pydantic-settings#690\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e87d12df0f42f7f72a3eb6d830cfbfb1d68b4496\"\u003e\u003ccode\u003ee87d12d\u003c/code\u003e\u003c/a\u003e v2.13.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/790\"\u003e#790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/acf8c14f5ec314799f5bd0d3f6a1591c4ed2ec97\"\u003e\u003ccode\u003eacf8c14\u003c/code\u003e\u003c/a\u003e Fix JSON decoding for parameterized PEP 695 type aliases (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/780\"\u003e#780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/58b236a36473e01bfe42e5f75d39d46721e0593d\"\u003e\u003ccode\u003e58b236a\u003c/code\u003e\u003c/a\u003e Fix AttributeError with nested env vars for dict fields (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/785\"\u003e#785\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/786\"\u003e#786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/4933f06402ed55e32bcdcefd6c8f59ffe1fefd24\"\u003e\u003ccode\u003e4933f06\u003c/code\u003e\u003c/a\u003e Fix CLI parsing error for set field types since 2.13.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/787\"\u003e#787\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/788\"\u003e#788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/bd0ebe6215cf215d716e33d833cc2589a1d00a17\"\u003e\u003ccode\u003ebd0ebe6\u003c/code\u003e\u003c/a\u003e Fix RecursionError with self-referential models in CliApp (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/783\"\u003e#783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eb7840e9f59a7969b23afdbcc4e5081e037736d8\"\u003e\u003ccode\u003eeb7840e\u003c/code\u003e\u003c/a\u003e Fix regression for bool fields since 2.13.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/784\"\u003e#784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/198e71cf0cd570501535de7ae93a70953150f073\"\u003e\u003ccode\u003e198e71c\u003c/code\u003e\u003c/a\u003e Prepare release 2.13.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/777\"\u003e#777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/de71e84057b63b251ec84883b5e2ae886f82084f\"\u003e\u003ccode\u003ede71e84\u003c/code\u003e\u003c/a\u003e Add nested path support for yaml_config_section (fixes \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/772\"\u003e#772\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/773\"\u003e#773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0f8f951b89b137bd563ce74dac016ba2c4cdc7a2\"\u003e\u003ccode\u003e0f8f951\u003c/code\u003e\u003c/a\u003e CLI Union Discriminator Choices in Help (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/ce9804c4620d38f0c3b3c1e3ebe10d934fd4ba2e\"\u003e\u003ccode\u003ece9804c\u003c/code\u003e\u003c/a\u003e CLI coerce numeric types. (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/769\"\u003e#769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.6.1...v2.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-core` from 2.41.5 to 2.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic-core/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590...\n\n_Description has been truncated_","html_url":"https://github.com/smario-7/zebrapoint/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smario-7%2Fzebrapoint/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-04-06T04:39:11.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4209568845","node_id":"PR_kwDORju0hs7QHZWD","number":21,"state":"closed","title":"Bump the pip-dependencies group across 1 directory with 25 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-13T04:38:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-06T04:39:11.000Z","updated_at":"2026-04-13T04:38:07.000Z","time_to_close":604734,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip-dependencies","update_count":25,"packages":[{"name":"torch","old_version":"2.7.1+cpu","new_version":"2.11.0+cpu"},{"name":"sentence-transformers","old_version":"5.2.3","new_version":"5.3.0","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"transformers","old_version":"5.3.0","new_version":"5.5.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"numpy","old_version":"2.4.3","new_version":"2.4.4","repository_url":"https://github.com/numpy/numpy"},{"name":"hdbscan","old_version":"0.8.41","new_version":"0.8.42","repository_url":"https://github.com/scikit-learn-contrib/hdbscan"},{"name":"alembic","old_version":"1.14.0","new_version":"1.18.4","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"click","old_version":"8.3.1","new_version":"8.3.2","repository_url":"https://github.com/pallets/click"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"email-validator","old_version":"2.2.0","new_version":"2.3.0","repository_url":"https://github.com/JoshData/python-email-validator"},{"name":"fastapi","old_version":"0.115.0","new_version":"0.135.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"psycopg2-binary","old_version":"2.9.10","new_version":"2.9.11","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic-settings","old_version":"2.6.1","new_version":"2.13.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.45.0","repository_url":"https://github.com/pydantic/pydantic-core"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-jose","old_version":"3.3.0","new_version":"3.5.0","repository_url":"https://github.com/mpdavis/python-jose"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.24","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"sqlalchemy","old_version":"2.0.36","new_version":"2.0.49","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"starlette","old_version":"0.38.6","new_version":"1.0.0","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.30.6","new_version":"0.43.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"celery","old_version":"5.4.0","new_version":"5.6.3","repository_url":"https://github.com/celery/celery"},{"name":"redis","old_version":"5.2.0","new_version":"7.4.0","repository_url":"https://github.com/redis/redis-py"},{"name":"kombu","old_version":"5.3.4","new_version":"5.6.2","repository_url":"https://github.com/celery/kombu"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-dependencies group with 25 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| torch | `2.7.1+cpu` | `2.11.0+cpu` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.2.3` | `5.3.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.3.0` | `5.5.0` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.3` | `2.4.4` |\n| [hdbscan](https://github.com/scikit-learn-contrib/hdbscan) | `0.8.41` | `0.8.42` |\n| [alembic](https://github.com/sqlalchemy/alembic) | `1.14.0` | `1.18.4` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.2` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [email-validator](https://github.com/JoshData/python-email-validator) | `2.2.0` | `2.3.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.115.0` | `0.135.3` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.10` | `2.9.11` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.6.1` | `2.13.1` |\n| [pydantic-core](https://github.com/pydantic/pydantic-core) | `2.41.5` | `2.45.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.5.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.24` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.36` | `2.0.49` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `1.0.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.30.6` | `0.43.0` |\n| [celery](https://github.com/celery/celery) | `5.4.0` | `5.6.3` |\n| [redis](https://github.com/redis/redis-py) | `5.2.0` | `7.4.0` |\n| [kombu](https://github.com/celery/kombu) | `5.3.4` | `5.6.2` |\n\n\nUpdates `torch` from 2.7.1+cpu to 2.11.0+cpu\n\nUpdates `sentence-transformers` from 5.2.3 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/sentence-transformers/releases\"\u003esentence-transformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0 - Improved Contrastive Learning, New Losses, and Transformers v5 Compatibility\u003c/h2\u003e\n\u003cp\u003eThis minor version brings several improvements to contrastive learning: \u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e now supports alternative InfoNCE formulations (symmetric, GTE-style) and optional hardness weighting for harder negatives. Two new losses are introduced, \u003ccode\u003eGlobalOrthogonalRegularizationLoss\u003c/code\u003e for embedding space regularization and \u003ccode\u003eCachedSpladeLoss\u003c/code\u003e for memory-efficient SPLADE training. The release also adds a faster hashed batch sampler, fixes \u003ccode\u003eGroupByLabelBatchSampler\u003c/code\u003e for triplet losses, and ensures full compatibility with the latest Transformers v5 versions.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e# Training + Inference\r\npip install sentence-transformers[train]==5.3.0\r\n\u003ch1\u003eInference only, use one of:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers==5.3.0\npip install sentence-transformers[onnx-gpu]==5.3.0\npip install sentence-transformers[onnx]==5.3.0\npip install sentence-transformers[openvino]==5.3.0\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eUpdated MultipleNegativesRankingLoss (a.k.a. InfoNCE)\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e received two major upgrades: support for alternative InfoNCE formulations from the literature, and optional hardness weighting to up-weight harder negatives.\u003c/p\u003e\n\u003ch3\u003eSupport other InfoNCE variants (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3607\"\u003e#3607\u003c/a\u003e)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e now supports several well-known contrastive loss variants from the literature through new \u003ccode\u003edirections\u003c/code\u003e and \u003ccode\u003epartition_mode\u003c/code\u003e parameters. Previously, this loss only supported the standard forward direction (query → doc). You can now configure which similarity interactions are included in the loss:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;query_to_doc\u0026quot;\u003c/code\u003e (default): For each query, its matched document should score higher than all other documents.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;doc_to_query\u0026quot;\u003c/code\u003e: The symmetric reverse — for each document, its matched query should score higher than all other queries.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;query_to_query\u0026quot;\u003c/code\u003e: For each query, all other queries should score lower than its matched document.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;doc_to_doc\u0026quot;\u003c/code\u003e: For each document, all other documents should score lower than its matched query.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe \u003ccode\u003epartition_mode\u003c/code\u003e controls how scores are normalized: \u003ccode\u003e\u0026quot;joint\u0026quot;\u003c/code\u003e computes a single softmax over all directions, while \u003ccode\u003e\u0026quot;per_direction\u0026quot;\u003c/code\u003e computes a separate softmax per direction and averages the losses.\u003c/p\u003e\n\u003cp\u003eThese combine to reproduce several loss formulations from the literature:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eStandard InfoNCE\u003c/strong\u003e (default, unchanged behavior):\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(model)\r\n# equivalent to directions=(\u0026quot;query_to_doc\u0026quot;,), partition_mode=\u0026quot;joint\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eSymmetric InfoNCE\u003c/strong\u003e (\u003ca href=\"https://arxiv.org/abs/2310.19923\"\u003eGünther et al. 2024\u003c/a\u003e) — adds the reverse direction so both queries and documents are trained to find their match:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(\r\n    model,\r\n    directions=(\u0026quot;query_to_doc\u0026quot;, \u0026quot;doc_to_query\u0026quot;),\r\n    partition_mode=\u0026quot;per_direction\u0026quot;,\r\n)\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eGTE improved contrastive loss\u003c/strong\u003e (\u003ca href=\"https://arxiv.org/abs/2308.03281\"\u003eLi et al. 2023\u003c/a\u003e) — adds same-type negatives (query \u0026lt;-\u0026gt; query, doc \u0026lt;-\u0026gt; doc) for a stronger training signal, especially useful with pairs-only data:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/ce48ecc77f8c7ed97c8fcc3cd99fde6071206680\"\u003e\u003ccode\u003ece48ecc\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into v5.3-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/cec08f89aabaa11a1675529fb7b11618c8255622\"\u003e\u003ccode\u003ecec08f8\u003c/code\u003e\u003c/a\u003e Fix citation for EmbeddingGemma paper (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/c29b3a69f7eca78d613fc2e465989ee880216c8d\"\u003e\u003ccode\u003ec29b3a6\u003c/code\u003e\u003c/a\u003e Release v5.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/55c13de47ea9475b1416a34af36716cc477bd95f\"\u003e\u003ccode\u003e55c13de\u003c/code\u003e\u003c/a\u003e Prep docs main page for v5.3.0 (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/72e75f7868700a768f6c57fb16e76b18df250f72\"\u003e\u003ccode\u003e72e75f7\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003etests\u003c/code\u003e] Add slow reproduction tests for most common models (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/237e44151758a9b4eb86b1ecd73152884073549a\"\u003e\u003ccode\u003e237e441\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Fix model card generation with set_transform with new column names (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/7f180b4b7146af66e2b043cdaa89bf87babe28bc\"\u003e\u003ccode\u003e7f180b4\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efeat\u003c/code\u003e] Add hardness-weighted contrastive learning to losses (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3667\"\u003e#3667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/58900864d51cde2f918885587709b2466938422c\"\u003e\u003ccode\u003e5890086\u003c/code\u003e\u003c/a\u003e Disallow query_to_query/doc_to_doc with partition_mode=\u0026quot;per_direction\u0026quot; due to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/6518c36671294b2125506f0d382d04102f739c91\"\u003e\u003ccode\u003e6518c36\u003c/code\u003e\u003c/a\u003e CE trainer: Removed IterableDataset from train and eval dataset type hints (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/1e0e84cbfb5483ffe1a5ff7db459c67a61487f3f\"\u003e\u003ccode\u003e1e0e84c\u003c/code\u003e\u003c/a\u003e Add tips for adjusting batch size to improve processing speed (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.2.3...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 5.3.0 to 5.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/transformers/releases\"\u003etransformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease v5.5.0\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eNew Model additions\u003c/h2\u003e\n\u003ch3\u003eGemma4\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/huggingface/transformers/blob/HEAD/INSET_PAPER_LINK\"\u003eGemma 4\u003c/a\u003e is a multimodal model with pretrained and instruction-tuned variants, available in 1B, 13B, and 27B parameters. The architecture is mostly the same as the previous Gemma versions. The key differences are a vision processor that can output images of fixed token budget and a spatial 2D RoPE to encode vision-specific information across height and width axis.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eYou can find all the original Gemma 4 checkpoints under the \u003ca href=\"https://huggingface.co/collections/google/gemma-4-release-67c6c6f89c4f76621268bb6d\"\u003eGemma 4\u003c/a\u003e release.\u003c/p\u003e\n\u003cp\u003eThe key difference from previous Gemma releases is the new design to process \u003cstrong\u003eimages of different sizes\u003c/strong\u003e using a \u003cstrong\u003efixed-budget number of tokens\u003c/strong\u003e. Unlike many models that squash every image into a fixed square (like 224×224), Gemma 4 keeps the image's natural aspect ratio while making it the right size. There a a couple constraints to follow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe total number of pixels must fit within a patch budget\u003c/li\u003e\n\u003cli\u003eBoth height and width must be divisible by \u003cstrong\u003e48\u003c/strong\u003e (= patch size 16 × pooling kernel 3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nGemma 4 does \u003cstrong\u003enot\u003c/strong\u003e apply the standard ImageNet mean/std normalization that many other vision models use. The model's own patch embedding layer handles the final scaling internally (shifting values to the [-1, 1] range).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThe number of \u0026quot;soft tokens\u0026quot; (aka vision tokens) an image processor can produce is configurable. The supported options are outlined below and the default is \u003cstrong\u003e280 soft tokens\u003c/strong\u003e per image.\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth align=\"center\"\u003eSoft Tokens\u003c/th\u003e\n\u003cth align=\"center\"\u003ePatches (before pooling)\u003c/th\u003e\n\u003cth align=\"center\"\u003eApprox. Image Area\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e70\u003c/td\u003e\n\u003ctd align=\"center\"\u003e630\u003c/td\u003e\n\u003ctd align=\"center\"\u003e~161K pixels\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e140\u003c/td\u003e\n\u003ctd align=\"center\"\u003e1,260\u003c/td\u003e\n\u003ctd align=\"center\"\u003e~323K pixels\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e\u003cstrong\u003e280\u003c/strong\u003e\u003c/td\u003e\n\u003ctd align=\"center\"\u003e\u003cstrong\u003e2,520\u003c/strong\u003e\u003c/td\u003e\n\u003ctd align=\"center\"\u003e\u003cstrong\u003e~645K pixels\u003c/strong\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e560\u003c/td\u003e\n\u003ctd align=\"center\"\u003e5,040\u003c/td\u003e\n\u003ctd align=\"center\"\u003e~1.3M pixels\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e1,120\u003c/td\u003e\n\u003ctd align=\"center\"\u003e10,080\u003c/td\u003e\n\u003ctd align=\"center\"\u003e~2.6M pixels\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eTo encode positional information for each patch in the image, Gemma 4 uses a learned 2D position embedding table. The position table stores up to 10,240 positions per axis, which allows the model to handle very large images. Each position is a learned vector of the same dimensions as the patch embedding. The 2D RoPE which Gemma 4 uses independently rotate half the attention head dimensions for the x-axis and the other half for the y-axis. This allows the model to understand spatial relationships like \u0026quot;above,\u0026quot; \u0026quot;below,\u0026quot; \u0026quot;left of,\u0026quot; and \u0026quot;right of.\u0026quot;\u003c/p\u003e\n\u003ch3\u003eNomicBERT\u003c/h3\u003e\n\u003cp\u003eNomicBERT is a BERT-inspired encoder model that applies Rotary Position Embeddings (RoPE) to create reproducible long context text embeddings. It is the first fully reproducible, open-source text embedding model with 8192 context length that outperforms both OpenAI Ada-002 and OpenAI text-embedding-3-small on short-context MTEB and long context LoCo benchmarks. The model generates dense vector embeddings for various tasks including search, clustering, and classification using specific instruction prefixes.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/nomic_bert\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://arxiv.org/abs/2402.01613\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInternalise the NomicBERT model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43067\"\u003e#43067\u003c/a\u003e) by \u003ca href=\"https://github.com/ed22699\"\u003e\u003ccode\u003e@​ed22699\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/43067\"\u003e#43067\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMusicFlamingo\u003c/h3\u003e\n\u003cp\u003eMusic Flamingo is a fully open large audio–language model designed for robust understanding and reasoning over music. It builds upon the Audio Flamingo 3 architecture by including Rotary Time Embeddings (RoTE), which injects temporal position information to enable the model to handle audio sequences up to 20 minutes. The model features a unified audio encoder across speech, sound, and music with special sound boundary tokens for improved audio sequence modeling.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/musicflamingo\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2511.10289\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Music Flamingo (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43538\"\u003e#43538\u003c/a\u003e) by \u003ca href=\"https://github.com/lashahub\"\u003e\u003ccode\u003e@​lashahub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/43538\"\u003e#43538\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/c1c34249fa27deefbd4a377dfbf883a39baf5c6d\"\u003e\u003ccode\u003ec1c3424\u003c/code\u003e\u003c/a\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/20bff6865a756a074f5b893b57f0ae438b25ec46\"\u003e\u003ccode\u003e20bff68\u003c/code\u003e\u003c/a\u003e update release workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/89564412a56ae6581f8aa48a533a835860dc9f43\"\u003e\u003ccode\u003e8956441\u003c/code\u003e\u003c/a\u003e v5.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/5135e5efa7203cd23aac0866de12dfeef038422d\"\u003e\u003ccode\u003e5135e5e\u003c/code\u003e\u003c/a\u003e casually dropping the most capable open weights on the planet (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45192\"\u003e#45192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/a594e09e3924120f1f5508e7d81946bf3504df2b\"\u003e\u003ccode\u003ea594e09\u003c/code\u003e\u003c/a\u003e Internalise the NomicBERT model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43067\"\u003e#43067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/4932e9721e230bea915341e7f04db32885b6c6af\"\u003e\u003ccode\u003e4932e97\u003c/code\u003e\u003c/a\u003e Fix resized LM head weights being overwritten by post_init (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45079\"\u003e#45079\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/57e84139542c8c297873f35fcd25f66ffcf132ae\"\u003e\u003ccode\u003e57e8413\u003c/code\u003e\u003c/a\u003e [Qwen3.5 MoE] Add _tp_plan to ForConditionalGeneration (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45124\"\u003e#45124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/b10552e99dc4974b30126995baea455df43f8476\"\u003e\u003ccode\u003eb10552e\u003c/code\u003e\u003c/a\u003e Fix TypeError: 'NoneType' object is not iterable in GenerationMixin.generate ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/423f2a31d2bd05bdc1dc30dd938389edaa998fde\"\u003e\u003ccode\u003e423f2a3\u003c/code\u003e\u003c/a\u003e fix(models): Fix dtype mismatch in SwitchTransformers and TimmWrapperModel (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/ade7a05a42bf53b183bb78c181743be063c5ff14\"\u003e\u003ccode\u003eade7a05\u003c/code\u003e\u003c/a\u003e Generalize gemma vision mask to videos (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45185\"\u003e#45185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.3.0...v5.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `numpy` from 2.4.3 to 2.4.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.4.4 (Mar 29, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.4 Release Notes\u003c/h1\u003e\n\u003cp\u003eThe NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3\nrelease. It should finally close issue \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30816\"\u003e#30816\u003c/a\u003e, the OpenBLAS threading problem\non ARM.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 8 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eDaniel Haag +\u003c/li\u003e\n\u003cli\u003eDenis Prokopenko +\u003c/li\u003e\n\u003cli\u003eHarshith J +\u003c/li\u003e\n\u003cli\u003eKoki Watanabe\u003c/li\u003e\n\u003cli\u003eMarten van Kerkwijk\u003c/li\u003e\n\u003cli\u003eMatti Picus\u003c/li\u003e\n\u003cli\u003eNathan Goldbaum\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 7 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/30978\"\u003e#30978\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31049\"\u003e#31049\u003c/a\u003e: BUG: Add test to reproduce problem described in \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30816\"\u003e#30816\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30818\"\u003e#30818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31052\"\u003e#31052\u003c/a\u003e: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31035\"\u003e#31035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31053\"\u003e#31053\u003c/a\u003e: BUG: avoid warning on ufunc with where=True and no output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31058\"\u003e#31058\u003c/a\u003e: DOC: document caveats of ndarray.resize on 3.14 and newer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31079\"\u003e#31079\u003c/a\u003e: TST: fix POWER VSX feature mapping (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30801\"\u003e#30801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31084\"\u003e#31084\u003c/a\u003e: MAINT: numpy.i: Replace deprecated \u003ccode\u003esprintf\u003c/code\u003e with \u003ccode\u003esnprintf\u003c/code\u003e...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/be93fe2960dbf49b4647f5783c66d967fb2c65b5\"\u003e\u003ccode\u003ebe93fe2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31090\"\u003e#31090\u003c/a\u003e from charris/prepare-2.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/f5245dc7ea5c6279c59cb0d5de81113229841290\"\u003e\u003ccode\u003ef5245dc\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/02e838ba270a5ca3dd8afc5a31c090cd34a56615\"\u003e\u003ccode\u003e02e838b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31084\"\u003e#31084\u003c/a\u003e from charris/backport-31056\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/fa74b2d05f8f7604bf6635d5280c3216c8ec667f\"\u003e\u003ccode\u003efa74b2d\u003c/code\u003e\u003c/a\u003e MAINT: numpy.i: Replace deprecated \u003ccode\u003esprintf\u003c/code\u003e with \u003ccode\u003esnprintf\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31056\"\u003e#31056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/533a6db96dfa2556a61102a58c35fd64eaf3fa2b\"\u003e\u003ccode\u003e533a6db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31079\"\u003e#31079\u003c/a\u003e from charris/backport-20801\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9e496cbd0a281195bd779ae1833f2a8f4a1d46a7\"\u003e\u003ccode\u003e9e496cb\u003c/code\u003e\u003c/a\u003e TST: fix POWER VSX feature mapping (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30801\"\u003e#30801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8052c4b69ef18e582709af946f93f9e58b848f39\"\u003e\u003ccode\u003e8052c4b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31058\"\u003e#31058\u003c/a\u003e from charris/backport-31021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/7f13b5ad2b69fd6ea6aa3af7036b2dcf98e96486\"\u003e\u003ccode\u003e7f13b5a\u003c/code\u003e\u003c/a\u003e MAINT: Skip test on PyPy.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/4c5fdd66c8f379a1e2b3f40fa62bd0b87769d1c7\"\u003e\u003ccode\u003e4c5fdd6\u003c/code\u003e\u003c/a\u003e MAINT: Remove unused import of tracemalloc.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/a3ca5ed354b26e0fd6e35bf29765a24271ed7c3a\"\u003e\u003ccode\u003ea3ca5ed\u003c/code\u003e\u003c/a\u003e Update numpy/_core/src/multiarray/shape.c\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.3...v2.4.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hdbscan` from 0.8.41 to 0.8.42\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/releases\"\u003ehdbscan's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erelease-0.8.42\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix outlier scores by \u003ca href=\"https://github.com/JelmerBot\"\u003e\u003ccode\u003e@​JelmerBot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/697\"\u003escikit-learn-contrib/hdbscan#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid escape sequences in docstring by \u003ca href=\"https://github.com/timmooren\"\u003e\u003ccode\u003e@​timmooren\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/698\"\u003escikit-learn-contrib/hdbscan#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: Build Windows wheels for CPython 3.10–3.13 (GitHub Actions) by \u003ca href=\"https://github.com/andrijajovanovic98\"\u003e\u003ccode\u003e@​andrijajovanovic98\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/699\"\u003escikit-learn-contrib/hdbscan#699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid escape sequence warning in robust_single_linkage docstring by \u003ca href=\"https://github.com/bentoviml\"\u003e\u003ccode\u003e@​bentoviml\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/703\"\u003escikit-learn-contrib/hdbscan#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse manylinux_2_8 to build wheels on linux by \u003ca href=\"https://github.com/gclendenning\"\u003e\u003ccode\u003e@​gclendenning\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/701\"\u003escikit-learn-contrib/hdbscan#701\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timmooren\"\u003e\u003ccode\u003e@​timmooren\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/698\"\u003escikit-learn-contrib/hdbscan#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andrijajovanovic98\"\u003e\u003ccode\u003e@​andrijajovanovic98\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/699\"\u003escikit-learn-contrib/hdbscan#699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bentoviml\"\u003e\u003ccode\u003e@​bentoviml\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/703\"\u003escikit-learn-contrib/hdbscan#703\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\"\u003ehttps://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/f62160e304b0dd45f58c93de9dc75c5d2c4c2d0b\"\u003e\u003ccode\u003ef62160e\u003c/code\u003e\u003c/a\u003e Update setup.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/1b8973f0c90161164b6d1e86f979551b65be3e68\"\u003e\u003ccode\u003e1b8973f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/701\"\u003e#701\u003c/a\u003e from gclendenning/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/8b0f0684ad1640065259bdd2de02f7e19193c5c4\"\u003e\u003ccode\u003e8b0f068\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/703\"\u003e#703\u003c/a\u003e from bentoviml/fix-docstring-escape-warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/536440435510ba6fd7a0262bba1e2b0468cc7c32\"\u003e\u003ccode\u003e5364404\u003c/code\u003e\u003c/a\u003e Fix invalid escape sequence warning in robust_single_linkage docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/a651934d04230f83999bb4d14e532759879e03e9\"\u003e\u003ccode\u003ea651934\u003c/code\u003e\u003c/a\u003e Use manylinux_2_8 to build wheels on linux\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/92ab72f08e64537c1d2706418286a59a8560a6d7\"\u003e\u003ccode\u003e92ab72f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/699\"\u003e#699\u003c/a\u003e from andrijajovanovic98/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/74adc5ab88ac3789125692d3ecaa435cb15f97f1\"\u003e\u003ccode\u003e74adc5a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/698\"\u003e#698\u003c/a\u003e from timmooren/fix-docstring-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/6f72f71730e436c2d6b9499737d08b6b2a587d2f\"\u003e\u003ccode\u003e6f72f71\u003c/code\u003e\u003c/a\u003e Fix invalid escape sequences in docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/d2134e5ab313754d1b55f1b5eae84f5433f3719c\"\u003e\u003ccode\u003ed2134e5\u003c/code\u003e\u003c/a\u003e python 310\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/8c8d03273a5684a7c7183d7e0b6e45021f0beaeb\"\u003e\u003ccode\u003e8c8d032\u003c/code\u003e\u003c/a\u003e p313\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `alembic` from 1.14.0 to 1.18.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.4\u003c/h1\u003e\n\u003cp\u003eReleased: February 10, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [operations]\u003c/strong\u003e Reverted the behavior of \u003ccode\u003eOperations.add_column()\u003c/code\u003e that would\nautomatically render the \u0026quot;PRIMARY KEY\u0026quot; keyword inline when a\n\u003ccode\u003eColumn\u003c/code\u003e with \u003ccode\u003eprimary_key=True\u003c/code\u003e is added. The automatic\nbehavior, added in version 1.18.2, is now opt-in via the new\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter. This\nchange restores the ability to render a PostgreSQL SERIAL column, which is\nrequired to be \u003ccode\u003eprimary_key=True\u003c/code\u003e, while not impacting the ability to\nrender a separate primary key constraint. This also provides consistency\nwith the \u003ccode\u003eOperations.add_column.inline_references\u003c/code\u003e parameter and\ngives users explicit control over SQL generation.\u003c/p\u003e\n\u003cp\u003eTo render PRIMARY KEY inline, use the\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter set to\n\u003ccode\u003eTrue\u003c/code\u003e:\u003c/p\u003e\n\u003cp\u003eop.add_column(\n\u0026quot;my_table\u0026quot;,\nColumn(\u0026quot;id\u0026quot;, Integer, primary_key=True),\ninline_primary_key=True\n)References: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1232\"\u003e#1232\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.18.3\u003c/h1\u003e\n\u003cp\u003eReleased: January 29, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [autogenerate]\u003c/strong\u003e Fixed regression in version 1.18.0 due to \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e where autogenerate\nwould raise \u003ccode\u003eNoReferencedTableError\u003c/code\u003e when a foreign key constraint\nreferenced a table that was not part of the initial table load, including\ntables filtered out by the\n\u003ccode\u003eEnvironmentContext.configure.include_name\u003c/code\u003e callable or tables\nin remote schemas that were not included in the initial reflection run.\u003c/p\u003e\n\u003cp\u003eThe change in \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e was a performance optimization that eliminated\nadditional reflection queries for tables that were only referenced by\nforeign keys but not explicitly included in the main reflection run.\nHowever, this optimization inadvertently removed the creation of\n\u003ccode\u003eTable\u003c/code\u003e objects for these referenced tables, causing autogenerate\nto fail when processing foreign key constraints that pointed to them.\u003c/p\u003e\n\u003cp\u003eThe fix creates placeholder \u003ccode\u003eTable\u003c/code\u003e objects for foreign key targets\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3084\"\u003e#3084\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3152\"\u003e#3152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3136\"\u003e#3136\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3199\"\u003e#3199\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3202\"\u003e#3202\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3209\"\u003e#3209\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3212\"\u003e#3212\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2991\"\u003e#2991\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2993\"\u003e#2993\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3110\"\u003e#3110\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3140\"\u003e#3140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3139\"\u003e#3139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3121\"\u003e#3121\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3201\"\u003e#3201\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3213\"\u003e#3213\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e_NamedTextIOWrapper\u003c/code\u003e from closing streams owned by \u003ccode\u003eStreamMixer\u003c/code\u003e.\n:issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e2991\u003c/code\u003e :issue:\u003ccode\u003e2993\u003c/code\u003e :issue:\u003ccode\u003e3110\u003c/code\u003e :pr:\u003ccode\u003e3139\u003c/code\u003e :pr:\u003ccode\u003e3140\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd comprehensive tests for \u003ccode\u003eCliRunner\u003c/code\u003e stream lifecycle, covering\nlogging interaction, multi-threaded safety, and sequential invocation\nisolation. Add high-iteration stress tests behind a \u003ccode\u003estress\u003c/code\u003e marker\nwith a dedicated CI job. :pr:\u003ccode\u003e3139\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix callable \u003ccode\u003eflag_value\u003c/code\u003e being instantiated when used as a default via\n\u003ccode\u003edefault=True\u003c/code\u003e. :issue:\u003ccode\u003e3121\u003c/code\u003e :pr:\u003ccode\u003e3201\u003c/code\u003e :pr:\u003ccode\u003e3213\u003c/code\u003e :pr:\u003ccode\u003e3225\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/052c006033729bbb422cbdad0c4fee988ecb5aa5\"\u003e\u003ccode\u003e052c006\u003c/code\u003e\u003c/a\u003e Change update release date.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/502b7ce7b131473ef00a3586e60bb000f33b4c43\"\u003e\u003ccode\u003e502b7ce\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' of \u003ca href=\"https://github.com/pallets/click\"\u003ehttps://github.com/pallets/click\u003c/a\u003e into release-8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a0a37e411820861d48e21b131fdd840abaf746e0\"\u003e\u003ccode\u003ea0a37e4\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3301\"\u003e#3301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/57be6fc2b40eb40279d022e6aabc983ee0dfb7a9\"\u003e\u003ccode\u003e57be6fc\u003c/code\u003e\u003c/a\u003e Change publish to werkzeug latest.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/781d6a88bdd30229e72a84cd6753b0235f339679\"\u003e\u003ccode\u003e781d6a8\u003c/code\u003e\u003c/a\u003e Update publish workflows (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ff795b66ba945239c779b528171f5fe4536cf844\"\u003e\u003ccode\u003eff795b6\u003c/code\u003e\u003c/a\u003e Update precommit pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/dd87ef4f9fa7d6f13e14885e9a6842a21ededebc\"\u003e\u003ccode\u003edd87ef4\u003c/code\u003e\u003c/a\u003e Update github action pins with tox\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/93d3f9d22e90035bc2b51c2183c15bd4a021376f\"\u003e\u003ccode\u003e93d3f9d\u003c/code\u003e\u003c/a\u003e Release version 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/3299ba1a8a5de34b24a7226a683a837d8a0857e7\"\u003e\u003ccode\u003e3299ba1\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog. (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/b7f62c4d002e5b5bca3ebef6b995b7338740fe6f\"\u003e\u003ccode\u003eb7f62c4\u003c/code\u003e\u003c/a\u003e Add missing PR to changelog.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `email-validator` from 2.2.0 to 2.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/releases\"\u003eemail-validator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md\"\u003eemail-validator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.0 (August 26, 2025)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/030a63a183a6a66450e98381ca9a23ab9769706a\"\u003e\u003ccode\u003e030a63a\u003c/code\u003e\u003c/a\u003e Version 2.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/e943a0f07f5c130b4a419e0cd79f705f36bf24fe\"\u003e\u003ccode\u003ee943a0f\u003c/code\u003e\u003c/a\u003e Raise TypeError when an invalid argument is passed for email, closes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/155\"\u003e#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/f90d256045dc1ccbcffd5514189267d14a9e3ea1\"\u003e\u003ccode\u003ef90d256\u003c/code\u003e\u003c/a\u003e Remove local part length check unless new strict flag is given, fixes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/158\"\u003e#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/98800bac023b8713351393a5043034065f1ea6cb\"\u003e\u003ccode\u003e98800ba\u003c/code\u003e\u003c/a\u003e Add explicit checks for internationalized domain name characters invalid unde...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/936aead3bf5c608f8561954e0d2955b7f97bfdad\"\u003e\u003ccode\u003e936aead\u003c/code\u003e\u003c/a\u003e Fix final syntax checks on normalized internationalized domains checking the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/8043de49596f08d54a07e2bc7c442ced074216a6\"\u003e\u003ccode\u003e8043de4\u003c/code\u003e\u003c/a\u003e NFC-normalize display names per UTS \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/39\"\u003e#39\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/bc08faa2a74b51a9e7ba7ff4f995c0b475cb5b12\"\u003e\u003ccode\u003ebc08faa\u003c/code\u003e\u003c/a\u003e Add one-off error messages for full-width-at and small-commercial-at which ar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/a1c90ab58fb0f5d969a8351a68ca15bff068527c\"\u003e\u003ccode\u003ea1c90ab\u003c/code\u003e\u003c/a\u003e Split exceptions_types.py into exceptions.py and types.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/dbcf07cc5c8066c14b6dc58d2dbb4a1e582eeefd\"\u003e\u003ccode\u003edbcf07c\u003c/code\u003e\u003c/a\u003e Change package name from using underscore to dash to match PyPi normalized pa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/7c22208ee5b82c377e960ddcea5293691eadc6cc\"\u003e\u003ccode\u003e7c22208\u003c/code\u003e\u003c/a\u003e Support ALLOW_DISPLAY_NAME and ALLOW_EMPTY_LOCAL in the CLI (\u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/JoshData/python-email-validator/compare/v2.2.0...v2.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.115.0 to 0.135.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15280\"\u003e#15280\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eNew docs: \u003ca href=\"https://fastapi.tiangolo.com/advanced/vibe/\"\u003eVibe Coding\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✏️ Fix typo for \u003ccode\u003eclient_secret\u003c/code\u003e in OAuth2 form docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14946\"\u003e#14946\u003c/a\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e👥 Update FastAPI People - Experts. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15279\"\u003e#15279\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump orjson from 3.11.7 to 3.11.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15276\"\u003e#15276\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.0 to 0.15.8. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15277\"\u003e#15277\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI GitHub topic repositories. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15274\"\u003e#15274\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15267\"\u003e#15267\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👥 Update FastAPI People - Contributors and Translators. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15270\"\u003e#15270\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump requests from 2.32.5 to 2.33.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15228\"\u003e#15228\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e👷 Add ty check to \u003ccode\u003elint.sh\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15136\"\u003e#15136\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.2\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Increase lower bound to \u003ccode\u003epydantic \u0026gt;=2.9.0.\u003c/code\u003e and fix the test suite. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15139\"\u003e#15139\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add missing last release notes dates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15202\"\u003e#15202\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs for contributors and team members regarding translation PRs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15200\"\u003e#15200\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15094\"\u003e#15094\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix duplicated words in docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15116\"\u003e#15116\u003c/a\u003e by \u003ca href=\"https://github.com/AhsanSheraz\"\u003e\u003ccode\u003e@​AhsanSheraz\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs for \u003ccode\u003epyproject.toml\u003c/code\u003e with \u003ccode\u003eentrypoint\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15075\"\u003e#15075\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update links in docs to no longer use the classes external-link and internal-link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15061\"\u003e#15061\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add JS and CSS handling for automatic \u003ccode\u003etarget=_blank\u003c/code\u003e for links in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15063\"\u003e#15063\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Update styles for internal and external links in new tab. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15058\"\u003e#15058\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝  Add documentation for the FastAPI VS Code extension. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15008\"\u003e#15008\u003c/a\u003e by \u003ca href=\"https://github.com/savannahostrowski\"\u003e\u003ccode\u003e@​savannahostrowski\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix doctrings for \u003ccode\u003emax_digits\u003c/code\u003e and \u003ccode\u003edecimal_places\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14944\"\u003e#14944\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15001\"\u003e#15001\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15177\"\u003e#15177\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15178\"\u003e#15178\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15176\"\u003e#15176\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15175\"\u003e#15175\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15171\"\u003e#15171\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15170\"\u003e#15170\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15172\"\u003e#15172\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15168\"\u003e#15168\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/1f442c454f2f74c7419f83c203e6333955399528\"\u003e\u003ccode\u003e1f442c4\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.135.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/8f5d1577b471f389f6cdea878d40a1497fda7746\"\u003e\u003ccode\u003e8f5d157\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428452a710338334ae11043a48b06d52d9b3edba\"\u003e\u003ccode\u003e428452a\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/70580da818722cce68b7a88928d67bd0f64f42c5\"\u003e\u003ccode\u003e70580da\u003c/code\u003e\u003c/a\u003e ✨ Add support for \u003ccode\u003e@app.vibe()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15280\"\u003e#15280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6ee87478d821171139264cd9cd17cbd2232934ce\"\u003e\u003ccode\u003e6ee8747\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3e72c09a2abfe9e1b55eede6a297cb1847126e49\"\u003e\u003ccode\u003e3e72c09\u003c/code\u003e\u003c/a\u003e 👥 Update FastAPI People - Experts (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15279\"\u003e#15279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/96df35f7a4337d612811483d8ade74f91cce2d61\"\u003e\u003ccode\u003e96df35f\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/6c8112555bd86f21cfee8500140dca094ad26e20\"\u003e\u003ccode\u003e6c81125\u003c/code\u003e\u003c/a\u003e ⬆ Bump orjson from 3.11.7 to 3.11.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15276\"\u003e#15276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/428f82c93616b52aee2fcee03484a855135c07e5\"\u003e\u003ccode\u003e428f82c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/5599c59b9e7112109f04b63a58034fb95833f514\"\u003e\u003ccode\u003e5599c59\u003c/code\u003e\u003c/a\u003e ⬆ Bump ruff from 0.15.0 to 0.15.8 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15277\"\u003e#15277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.115.0...0.135.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psycopg2-binary` from 2.9.10 to 2.9.11\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psycopg/psycopg2/blob/master/NEWS\"\u003epsycopg2-binary's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCurrent release\u003c/h2\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.11\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAvoid a segfault passing more arguments than placeholders if Python is built\nwith assertions enabled (:ticket:\u003ccode\u003e[#1791](https://github.com/psycopg/psycopg2/issues/1791)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd riscv64 platform binary packages (:ticket:\u003ccode\u003e[#1813](https://github.com/psycopg/psycopg2/issues/1813)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 18.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.10\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13.\u003c/li\u003e\n\u003cli\u003eReceive notifications on commit (:ticket:\u003ccode\u003e[#1728](https://github.com/psycopg/psycopg2/issues/1728)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 17.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.9\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.6.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.8\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWheel package bundled with PostgreSQL 16 libpq in order to add support for\nrecent features, such as \u003ccode\u003esslcertmode\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.7\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix propagation of exceptions raised during module initialization\n(:ticket:\u003ccode\u003e[#1598](https://github.com/psycopg/psycopg2/issues/1598)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix building when pg_config returns an empty string (:ticket:\u003ccode\u003e[#1599](https://github.com/psycopg/psycopg2/issues/1599)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eWheel package bundled with OpenSSL 1.1.1v.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.6\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/fd9ae8cad2bcfc3e7e9410e7b6f07cda8f4f05ec\"\u003e\u003ccode\u003efd9ae8c\u003c/code\u003e\u003c/a\u003e chore: bump to version 2.9.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d923840546942534f0956d9202f914fd9feac5fd\"\u003e\u003ccode\u003ed923840\u003c/code\u003e\u003c/a\u003e chore: update docs requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d42dc7169d3cd93517e282e9ef5dc2a2b40650a2\"\u003e\u003ccode\u003ed42dc71\u003c/code\u003e\u003c/a\u003e Merge branch 'fix-1791'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4fde6560c32f06ad1304404c9f7f86148dcc4be0\"\u003e\u003ccode\u003e4fde656\u003c/code\u003e\u003c/a\u003e fix: avoid failed assert passing more arguments than placeholders\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/8308c19d6af0d904b313997539ed33415990a74e\"\u003e\u003ccode\u003e8308c19\u003c/code\u003e\u003c/a\u003e fix: drop warning about the use of deprecated PyWeakref_GetObject function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1a1eabf098a3374409bb2ab4b594777b900f396d\"\u003e\u003ccode\u003e1a1eabf\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 7 to 8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/897af8b38beda851d7257dfc525129e37c0ec9e0\"\u003e\u003ccode\u003e897af8b\u003c/code\u003e\u003c/a\u003e build(deps): bump peter-evans/repository-dispatch from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/ceefd305117113ca10e383a626e87ba0796f3638\"\u003e\u003ccode\u003eceefd30\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 4 to 5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4dc585430cabe94cee96c5a9de0265d0f55370f1\"\u003e\u003ccode\u003e4dc5854\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/setup-python from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1945788dcf6172bb1b9328ebc3587ccf0e6a659c\"\u003e\u003ccode\u003e1945788\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg2/issues/1802\"\u003e#1802\u003c/a\u003e from edgarrmondragon/cp314-wheels\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psycopg/psycopg2/compare/2.9.10...2.9.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.2 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/smario-7/zebrapoint/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smario-7%2Fzebrapoint/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-04-03T20:06:44.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4202024632","node_id":"PR_kwDORuoLRM7P3V10","number":5,"state":"closed","title":"Bump ecdsa from 0.19.1 to 0.19.2","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-03T20:49:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T20:06:44.000Z","updated_at":"2026-04-03T20:49:58.000Z","time_to_close":2584,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"}],"path":null,"ecosystem":"pip"},"body":"Bumps [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) from 0.19.1 to 0.19.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ecdsa\u0026package-manager=pip\u0026previous-version=0.19.1\u0026new-version=0.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ekimtech/personal-neuro-layer/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ekimtech/personal-neuro-layer/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ekimtech%2Fpersonal-neuro-layer/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-04-02T17:49:22.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4196072386","node_id":"PR_kwDOKbhx4c7PoOcn","number":2920,"state":"closed","title":"build(deps): bump the pip group across 5 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-02T18:15:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-02T17:49:22.000Z","updated_at":"2026-04-02T18:15:10.000Z","time_to_close":1546,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pip","update_count":8,"packages":[{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"cbor2","old_version":"5.7.0","new_version":"5.9.0","repository_url":"https://github.com/agronholm/cbor2"},{"name":"filelock","old_version":"3.19.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 5 updates in the /oid4vc directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |\n| [cbor2](https://github.com/agronholm/cbor2) | `5.7.0` | `5.9.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.19.1` | `3.20.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n\nBumps the pip group with 2 updates in the /oid4vc/auth_server directory: [orjson](https://github.com/ijl/orjson) and [authlib](https://github.com/authlib/authlib).\nBumps the pip group with 1 update in the /oid4vc/integration directory: [black](https://github.com/psf/black).\nBumps the pip group with 1 update in the /status_list directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /status_list/integration directory: [black](https://github.com/psf/black).\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cbor2` from 5.7.0 to 5.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/cbor2/releases\"\u003ecbor2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003emax_depth\u003c/code\u003e decoder parameter to limit the maximum allowed nesting level of containers, with a default value of 400 levels (CVE-2026-26209)\u003c/li\u003e\n\u003cli\u003eChanged the default \u003ccode\u003eread_size\u003c/code\u003e from 4096 to 1 for backwards compatibility. The buffered reads introduced in 5.8.0 could cause issues when code needs to access the stream position after decoding. Users can opt-in to faster decoding by passing \u003ccode\u003eread_size=4096\u003c/code\u003e when they don't need to access the stream directly after decoding. Added a direct read path for \u003ccode\u003eread_size=1\u003c/code\u003e to avoid buffer management overhead. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/275\"\u003e#275\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed C encoder not respecting string referencing when encoding string-type datetimes (tag 0) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a missed check for an exception in the C implementation of \u003ccode\u003eCBOREncoder.encode_shared()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed two reference/memory leaks in the C extension's long string decoder (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/290\"\u003e#290\u003c/a\u003e PR by \u003ca href=\"https://github.com/killiancowan82\"\u003e\u003ccode\u003e@​killiancowan82\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed C decoder ignoring the \u003ccode\u003estr_errors\u003c/code\u003e setting when decoding strings, and improved string decoding performance by using stack allocation for small strings and eliminating unnecessary conditionals. Benchmarks show 9-17% faster deserialization. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/255\"\u003e#255\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/267\"\u003e#267\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReset shared reference state at the start of each top-level encode/decode operation (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/266\"\u003e#266\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved performance on decoding large definite bytestrings (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003e#240\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003eagronholm/cbor2#240\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/dwpaley\"\u003e\u003ccode\u003e@​dwpaley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a read(-1) vulnerability caused by boundary handling error (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003e#264\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003eagronholm/cbor2#264\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/tylzh97\"\u003e\u003ccode\u003e@​tylzh97\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/93c598838d50b554e242920902aada82d32d55bc\"\u003e\u003ccode\u003e93c5988\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/d903d62c86de118e8abe626596f9be7b98ac44e9\"\u003e\u003ccode\u003ed903d62\u003c/code\u003e\u003c/a\u003e Updated the max_depth default value in the C function signature\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/2b53b2813d44a7919dae18747b5ac36cf9c5fb87\"\u003e\u003ccode\u003e2b53b28\u003c/code\u003e\u003c/a\u003e Stack allocate small strings (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/a7ac10d5cbb7a8622e8270c201a131ac2abc26c7\"\u003e\u003ccode\u003ea7ac10d\u003c/code\u003e\u003c/a\u003e Upped the max_depth value to 400\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/54c8ed541c5f4842508cace5ff4b2aae54bc731b\"\u003e\u003ccode\u003e54c8ed5\u003c/code\u003e\u003c/a\u003e Fixed reference/memory leaks in decode_definite_long_string (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/a8d92dc3dc00233c796c4abccb5daa31089bf3c0\"\u003e\u003ccode\u003ea8d92dc\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c91aa007117828560329a1624eabc5dad5435ebc\"\u003e\u003ccode\u003ec91aa00\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/53521e7ca96c7a19f8a529fe59ef566212a24b3f\"\u003e\u003ccode\u003e53521e7\u003c/code\u003e\u003c/a\u003e Fixed ssize_t to Py_ssize_t\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/94e0d2125fbfb183606afa9ef07754a8dba50748\"\u003e\u003ccode\u003e94e0d21\u003c/code\u003e\u003c/a\u003e Added missing Python counterpart for max_depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/bcb6cea4edde1d00ff4f0eece883dea951f66e1b\"\u003e\u003ccode\u003ebcb6cea\u003c/code\u003e\u003c/a\u003e Added the max_depth decoder parameter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/cbor2/compare/5.7.0...5.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.19.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.2 (2026-03-11)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:\u003ccode\u003e513\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.1 (2026-03-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e510\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release :pr:\u003ccode\u003e511\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e508\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo :pr:\u003ccode\u003e507\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e499\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.19.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compress...\n\n_Description has been truncated_","html_url":"https://github.com/openwallet-foundation/acapy-plugins/pull/2920","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/openwallet-foundation%2Facapy-plugins/issues/2920","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2920/packages"}},{"old_version":"0.19.0","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-04-01T22:23:37.000Z","version_change":"0.19.0 → 0.19.2","issue":{"uuid":"4190247269","node_id":"PR_kwDONUO8uM7PZVgD","number":113,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 14 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-01T22:23:37.000Z","updated_at":"2026-04-01T22:24:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":14,"packages":[{"name":"nltk","old_version":"3.9.1","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.9","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.2","repository_url":"https://github.com/qlustered/deepdiff"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"marshmallow","old_version":"3.22.0","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"virtualenv","old_version":"20.26.6","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.9` |\n| [deepdiff](https://github.com/qlustered/deepdiff) | `8.0.1` | `8.6.2` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.22.0` | `3.26.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5.5` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.6` | `20.36.1` |\n\n\nUpdates `nltk` from 3.9.1 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5be3c518794b7322375bae2bf1871713d9b5c2fb\"\u003e\u003ccode\u003e5be3c51\u003c/code\u003e\u003c/a\u003e fix(jose): add ES256K into default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/48b345f29f6c459f11c6a40162b6c0b742ef2e22\"\u003e\u003ccode\u003e48b345f\u003c/code\u003e\u003c/a\u003e fix(jose): remove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681\"\u003e\u003ccode\u003ea5d4b2d\u003c/code\u003e\u003c/a\u003e fix(jose): do not use header's jwk automatically\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a769f343ae8d43236448e3e74445980861812e82\"\u003e\u003ccode\u003ea769f34\u003c/code\u003e\u003c/a\u003e chore: release 1.6.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/84f3fa2965a189c16528329e8cfe41d094008588\"\u003e\u003ccode\u003e84f3fa2\u003c/code\u003e\u003c/a\u003e fix: add EdDSA to default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e\"\u003e\u003ccode\u003e38e872a\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7\"\u003e\u003ccode\u003eb87c32e\u003c/code\u003e\u003c/a\u003e fix: remove \u0026quot;none\u0026quot; algorithm from default jwt instance\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qlustered/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e8.6.2 - Fix (CVE-2025-58367)\u003c/p\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/qlustered/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/0d07ec21d12b46ef4e489383b363eadc22d990fb\"\u003e\u003ccode\u003e0d07ec2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/791f5aac51b2da7f90375ab204256ef6a6b40206\"\u003e\u003ccode\u003e791f5aa\u003c/code\u003e\u003c/a\u003e updating CVE number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a6aafea3ba5498aab6f9c77047c54949e7e968ae\"\u003e\u003ccode\u003ea6aafea\u003c/code\u003e\u003c/a\u003e updating docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a0950abbe6263298bc4bdbc3ebb57edc1af079b4\"\u003e\u003ccode\u003ea0950ab\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.1 → 8.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/887128abe5e510341cc4a82f6914a82d5ff1b6a7\"\u003e\u003ccode\u003e887128a\u003c/code\u003e\u003c/a\u003e Fix (CVE-2025-58367)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qlustered/deepdiff/compare/8.0.1...8.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.0 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eecdsa 0.19.1\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implicit\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/li\u003e\n\u003cli\u003eOfficially support Python 3.12 and 3.13 (add them to CI)\u003c/li\u003e\n\u003cli\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/li\u003e\n\u003cli\u003eFix typos in warning messages\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/2a6593d840ad153a16ebdd4f9b772b290494f3e3\"\u003e\u003ccode\u003e2a6593d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/359\"\u003e#359\u003c/a\u003e from tlsfuzzer/release-0.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/658ddc81bbd20e0197a59c9c0fa7dcc5b17d7d06\"\u003e\u003ccode\u003e658ddc8\u003c/code\u003e\u003c/a\u003e add release notes for 0.19.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/3c5df06ae85ea0b35557fe5f8874eec4f2b39db0\"\u003e\u003ccode\u003e3c5df06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/358\"\u003e#358\u003c/a\u003e from tlsfuzzer/high-s-values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/b6d43c60e309bccd681eb1baab502f817ff226b6\"\u003e\u003ccode\u003eb6d43c6\u003c/code\u003e\u003c/a\u003e use integer division for canonicalization of signatures\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/aa81ba3b7339f30362098580c754576bc15edba1\"\u003e\u003ccode\u003eaa81ba3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/357\"\u003e#357\u003c/a\u003e from tlsfuzzer/new-badge\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.0...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.2 (2026-03-11)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:\u003ccode\u003e513\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.1 (2026-03-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e510\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release :pr:\u003ccode\u003e511\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e508\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo :pr:\u003ccode\u003e507\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e499\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `marshmallow` from 3.22.0 to 3.26.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst\"\u003emarshmallow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.26.2 (2025-12-19)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:cve:\u003ccode\u003e2025-68480\u003c/code\u003e: Merge error store messages without rebuilding collections.\nThanks 카푸치노 for reporting and :user:\u003ccode\u003edeckar01\u003c/code\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.1 (2025-02-03)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Fix type annotations for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:issue:\u003ccode\u003e2804\u003c/code\u003e).\nThanks :user:\u003ccode\u003elawrence-law\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOther changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove default value for the \u003ccode\u003edata\u003c/code\u003e param of \u003ccode\u003eNested._deserialize \u0026lt;marshmallow.fields.Nested._deserialize\u0026gt;\u003c/code\u003e (:issue:\u003ccode\u003e2802\u003c/code\u003e).\nThanks :user:\u003ccode\u003egbenson\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.0 (2025-01-22)\u003c/h2\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Add type annotations and improved documentation for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:pr:\u003ccode\u003e2760\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: Improve type coverage of \u003ccode\u003emarshmallow.Schema.SchemaMeta\u003c/code\u003e (:pr:\u003ccode\u003e2761\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: \u003ccode\u003emarshmallow.Schema.loads\u003c/code\u003e parameter allows \u003ccode\u003ebytes\u003c/code\u003e and \u003ccode\u003ebytesarray\u003c/code\u003e (:pr:\u003ccode\u003e2769\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRespect \u003ccode\u003edata_key\u003c/code\u003e when schema validators raise a \u003ccode\u003eValidationError \u0026lt;marshmallow.exceptions.ValidationError\u0026gt;\u003c/code\u003e\nwith a \u003ccode\u003efield_name\u003c/code\u003e argument (:issue:\u003ccode\u003e2170\u003c/code\u003e). Thanks :user:\u003ccode\u003ematejsp\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003eCorrectly handle multiple \u003ccode\u003e@post_load \u0026lt;marshmallow.post_load\u0026gt;\u003c/code\u003e methods where one method appends to\nthe data and another passes \u003ccode\u003epass_original=True\u003c/code\u003e (:issue:\u003ccode\u003e1755\u003c/code\u003e).\nThanks :user:\u003ccode\u003eghostwheel42\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eURL\u003c/code\u003e fields now properly validate \u003ccode\u003efile\u003c/code\u003e paths (:issue:\u003ccode\u003e2249\u003c/code\u003e).\nThanks :user:\u003ccode\u003e0xDEC0DE\u003c/code\u003e for reporting and fixing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd :doc:\u003ccode\u003eupgrading guides \u0026lt;upgrading\u0026gt;\u003c/code\u003e for 3.24 and 3.26 (:pr:\u003ccode\u003e2780\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eVarious documentation improvements (:pr:\u003ccode\u003e2757\u003c/code\u003e, :pr:\u003ccode\u003e2759\u003c/code\u003e, :pr:\u003ccode\u003e2765\u003c/code\u003e, :pr:\u003ccode\u003e2774\u003c/code\u003e, :pr:\u003ccode\u003e2778\u003c/code\u003e, :pr:\u003ccode\u003e2783\u003c/code\u003e, :pr:\u003ccode\u003e2796\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eordered\u003c/code\u003e \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e option is deprecated (:issue:\u003ccode\u003e2146\u003c/code\u003e, :pr:\u003ccode\u003e2762\u003c/code\u003e).\nField order is already preserved by default. Set \u003ccode\u003emarshmallow.Schema.dict_class\u003c/code\u003e to \u003ccode\u003ecollections.OrderedDict\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/1407d5102ae020421ddc8425474e976325a9539e\"\u003e\u003ccode\u003e1407d51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2878\"\u003e#2878\u003c/a\u003e from marshmallow-code/3.x-mypy-unreachable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b2292f513845ccbd134bd55501a9bcbcdd18f8ac\"\u003e\u003ccode\u003eb2292f5\u003c/code\u003e\u003c/a\u003e Fix mypy errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/8acd211847244fa28e0174728ff310fddf0d7fa2\"\u003e\u003ccode\u003e8acd211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2877\"\u003e#2877\u003c/a\u003e from marshmallow-code/3.x-delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b4bcb4a96f16a3b94c1b52ac82a66b57bbee1d88\"\u003e\u003ccode\u003eb4bcb4a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b78af7a0ea3102f8c2379bebe115a015e4018a62\"\u003e\u003ccode\u003eb78af7a\u003c/code\u003e\u003c/a\u003e Delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/2c4451e5129411da79161add51cfc76fe852549d\"\u003e\u003ccode\u003e2c4451e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/86d101a1aee2fe0a521c976015d1940437493cde\"\u003e\u003ccode\u003e86d101a\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af\"\u003e\u003ccode\u003e489a8d4\u003c/code\u003e\u003c/a\u003e Only deep copy error message collections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41\"\u003e\u003ccode\u003e6d4a17d\u003c/code\u003e\u003c/a\u003e Add test coverage for error message modification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9\"\u003e\u003ccode\u003e0356a3f\u003c/code\u003e\u003c/a\u003e Merge error store messages without rebuilding collections\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/marshmallow-code/marshmallow/compare/3.22.0...3.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.12 to 0.0.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 by \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003eKludex/python-multipart#216\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/waketzheng\"\u003e\u003ccode\u003e@​waketzheng\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/203\"\u003eKludex/python-multipart#203\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.20...0.0.21\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.20...0.0.21\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.20\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary, fixes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/38\"\u003e#38\u003c/a\u003e by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003eKludex/python-multipart#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Mr-Sunglasses\"\u003e\u003ccode\u003e@​Mr-Sunglasses\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/185\"\u003eKludex/python-multipart#185\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.19...0.0.20\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.19...0.0.20\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.19\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003eKludex/python-multipart#193\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.18...0.0.19\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.18...0.0.19\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.18\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003eKludex/python-multipart#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.17...0.0.18\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.17...0.0.18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle PermissionError in fallback code for old import name by \u003ca href=\"https://github.com/defnull\"\u003e\u003ccode\u003e@​defnull\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/182\"\u003eKludex/python-multipart#182\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.22 (2026-01-25)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.21 (2025-12-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003e#216\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.20 (2024-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003e#142\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.19 (2024-11-30)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.18 (2024-11-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003e#189\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.17 (2024-10-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle PermissionError in fallback code for old import name \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/182\"\u003e#182\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.16 (2024-10-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd dunder attributes to \u003ccode\u003emultipart\u003c/code\u003e package \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/177\"\u003e#177\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.15 (2024-10-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eFutureWarning\u003c/code\u003e to \u003ccode\u003ePendingDeprecationWarning\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/174\"\u003e#174\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd missing files to SDist \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/171\"\u003e#171\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.14 (2024-10-24)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix import scheme for \u003ccode\u003emultipart\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/168\"\u003e#168\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.13 (2024-10-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRename import to \u003ccode\u003epython_multipart\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/166\"\u003e#166\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/bea7bbb2904da8ce39123a845088dc72464eaddf\"\u003e\u003ccode\u003ebea7bbb\u003c/code\u003e\u003c/a\u003e Version 0.0.22 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0fb59a9df0f273bfde99740b302ccb2ae45e2b8a\"\u003e\u003ccode\u003e0fb59a9\u003c/code\u003e\u003c/a\u003e chore: add return type on test (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e\u003ccode\u003e9433f4b\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d5c91ecb0aa1cae03fe2d9811d193c952e714f17\"\u003e\u003ccode\u003ed5c91ec\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/219\"\u003e#219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/5a90631b484f8d3284b691d453c24be3db57f5cb\"\u003e\u003ccode\u003e5a90631\u003c/code\u003e\u003c/a\u003e bump uv (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/218\"\u003e#218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/1f72955602445706b5517a6f58a720796ad3d96a\"\u003e\u003ccode\u003e1f72955\u003c/code\u003e\u003c/a\u003e Version 0.0.21 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/217\"\u003e#217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/47ecfed3533ed8dcafd800508dbf594438fd0949\"\u003e\u003ccode\u003e47ecfed\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 and drop EOL 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/f18b70941b727c947f7e6b17e1c3321f5ad3afb6\"\u003e\u003ccode\u003ef18b709\u003c/code\u003e\u003c/a\u003e Bump the github-actions group across 1 directory with 4 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/214\"\u003e#214\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b388e9a7a82605cc8613798926afe8f6074cb372\"\u003e\u003ccode\u003eb388e9a\u003c/code\u003e\u003c/a\u003e chore: use depedency-groups in \u003ccode\u003epyproject.toml\u003c/code\u003e (\u003ca hr...\n\n_Description has been truncated_","html_url":"https://github.com/patrik-fredon/langflow/pull/113","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/113","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/113/packages"}},{"old_version":"0.18.0","new_version":"0.19.2","update_type":"minor","path":null,"pr_created_at":"2026-04-01T00:50:08.000Z","version_change":"0.18.0 → 0.19.2","issue":{"uuid":"4183262804","node_id":"PR_kwDOQp2jac7PG05r","number":8,"state":"closed","title":"Bump the uv group across 10 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-01T00:52:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-01T00:50:08.000Z","updated_at":"2026-04-01T00:52:14.000Z","time_to_close":125,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":16,"packages":[{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"mlflow","old_version":"2.22.0","new_version":"3.9.0rc0","repository_url":"https://github.com/mlflow/mlflow"},{"name":"flask","old_version":"2.1.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyasn1","old_version":"0.5.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"tornado","old_version":"6.5.2","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"werkzeug","old_version":"2.3.8","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"black","old_version":"22.10.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"44.0.3","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.18.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"memray","old_version":"1.19.1","new_version":"1.19.2","repository_url":"https://github.com/bloomberg/memray"},{"name":"onnx","old_version":"1.15.0","new_version":"1.21.0rc1","repository_url":"https://github.com/onnx/onnx"},{"name":"orjson","old_version":"3.9.15","new_version":"3.11.6","repository_url":"https://github.com/ijl/orjson"},{"name":"pyopenssl","old_version":"25.0.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /ci/raydepsets/tests/test_data directory: [requests](https://github.com/psf/requests).\nBumps the uv group with 1 update in the /doc directory: [requests](https://github.com/psf/requests).\nBumps the uv group with 1 update in the /doc/source/ray-overview/examples/e2e-xgboost directory: [mlflow](https://github.com/mlflow/mlflow).\nBumps the uv group with 2 updates in the /doc/source/ray-overview/examples/multi_agent_a2a/content directory: [langgraph](https://github.com/langchain-ai/langgraph) and [mcp](https://github.com/modelcontextprotocol/python-sdk).\nBumps the uv group with 14 updates in the /python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [mlflow](https://github.com/mlflow/mlflow) | `2.22.0` | `3.9.0rc0` |\n| [flask](https://github.com/pallets/flask) | `2.1.3` | `3.1.3` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.5.1` | `0.6.3` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.2` | `6.5.5` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.3.8` | `3.1.6` |\n| [black](https://github.com/psf/black) | `22.10.0` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.3` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.18.0` | `0.19.2` |\n| [memray](https://github.com/bloomberg/memray) | `1.19.1` | `1.19.2` |\n| [onnx](https://github.com/onnx/onnx) | `1.15.0` | `1.21.0rc1` |\n| [orjson](https://github.com/ijl/orjson) | `3.9.15` | `3.11.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.0.0` | `26.0.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n\nBumps the uv group with 1 update in the /python/ray/tune directory: [black](https://github.com/psf/black).\nBumps the uv group with 4 updates in the /python/requirements directory: [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug), [black](https://github.com/psf/black) and [onnx](https://github.com/onnx/onnx).\nBumps the uv group with 1 update in the /python/requirements/ml directory: [onnx](https://github.com/onnx/onnx).\nBumps the uv group with 2 updates in the /release directory: [pyasn1](https://github.com/pyasn1/pyasn1) and [cryptography](https://github.com/pyca/cryptography).\nBumps the uv group with 5 updates in the /release/ray_release/byod directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [mlflow](https://github.com/mlflow/mlflow) | `3.1.4` | `3.9.0rc0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.4` | `6.5.5` |\n| [black](https://github.com/psf/black) | `22.10.0` | `26.3.1` |\n| [onnx](https://github.com/onnx/onnx) | `1.15.0` | `1.21.0rc1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mlflow` from 2.19.0 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/releases\"\u003emlflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis version has been yanked. MLflow 3.1.3 will be released shortly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#16452\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16395\"\u003e#16395\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16446\"\u003e#16446\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16420\"\u003e#16420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16447\"\u003e#16447\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16554\"\u003e#16554\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16515\"\u003e#16515\u003c/a\u003e, \u003ca href=\"https://github.com/frontsideair\"\u003e\u003ccode\u003e@​frontsideair\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16558\"\u003e#16558\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16443\"\u003e#16443\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16457\"\u003e#16457\u003c/a\u003e, \u003ca href=\"https://github.com/16442\"\u003e\u003ccode\u003e@​16442\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16449\"\u003e#16449\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16509\"\u003e#16509\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16512\"\u003e#16512\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16524\"\u003e#16524\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16514\"\u003e#16514\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16607\"\u003e#16607\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16541\"\u003e#16541\u003c/a\u003e, \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16573\"\u003e#16573\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16470\"\u003e#16470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16281\"\u003e#16281\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.1 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Model Registry / Sqlalchemy] Increase prompt text limit from 5K to 100K (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16377\"\u003e#16377\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Support pagination in get-history of FileStore and SqlAlchemyStore (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16325\"\u003e#16325\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md\"\u003emlflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.4 (2025-07-23)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.3 (2025-07-22)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.2 (2025-07-08)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#16452\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16395\"\u003e#16395\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16446\"\u003e#16446\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16420\"\u003e#16420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16447\"\u003e#16447\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16554\"\u003e#16554\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16515\"\u003e#16515\u003c/a\u003e, \u003ca href=\"https://github.com/frontsideair\"\u003e\u003ccode\u003e@​frontsideair\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16558\"\u003e#16558\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16443\"\u003e#16443\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16457\"\u003e#16457\u003c/a\u003e, \u003ca href=\"https://github.com/16442\"\u003e\u003ccode\u003e@​16442\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16449\"\u003e#16449\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16509\"\u003e#16509\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16512\"\u003e#16512\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16524\"\u003e#16524\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16514\"\u003e#16514\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16607\"\u003e#16607\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16541\"\u003e#16541\u003c/a\u003e, \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16573\"\u003e#16573\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16470\"\u003e#16470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16281\"\u003e#16281\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.1 (2025-06-25)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.1 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Model Registry / Sqlalchemy] Increase prompt text limit from 5K to 100K (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16377\"\u003e#16377\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/d393a0c2bd1a2dcd1ffab4784af3579266a78dc0\"\u003e\u003ccode\u003ed393a0c\u003c/code\u003e\u003c/a\u003e Run python3 dev/update_mlflow_versions.py pre-release ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/bbe2e934823661254a68202397fb77ba46b0b404\"\u003e\u003ccode\u003ebbe2e93\u003c/code\u003e\u003c/a\u003e Fix Java POM for central release (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/91712a50b5f61553f7d01176dc5f02bd7cae0897\"\u003e\u003ccode\u003e91712a5\u003c/code\u003e\u003c/a\u003e lint change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/6d1469df7094b666b3df723a8c1c93e4d2d05955\"\u003e\u003ccode\u003e6d1469d\u003c/code\u003e\u003c/a\u003e fix merge for model serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/3fa96eb8f099281bbc3021eee351e200e98e542a\"\u003e\u003ccode\u003e3fa96eb\u003c/code\u003e\u003c/a\u003e Fix releasing to central (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/377a0f2faeb0d4435df1982ea19d9dc900a819e5\"\u003e\u003ccode\u003e377a0f2\u003c/code\u003e\u003c/a\u003e update mlflow-tracing version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/5cc8e8d880543f578bf87227949195ec50d26ff0\"\u003e\u003ccode\u003e5cc8e8d\u003c/code\u003e\u003c/a\u003e Update build scripts to handle mlflow-tracing (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/15860\"\u003e#15860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/3acca543505a4a1ceff8c226de44003d3814cdaf\"\u003e\u003ccode\u003e3acca54\u003c/code\u003e\u003c/a\u003e Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/16748ac5acb42647ef277e96797dfbcb626c36b7\"\u003e\u003ccode\u003e16748ac\u003c/code\u003e\u003c/a\u003e Update pom with further fixes (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/311a33195f3d58f3390fd23298df4d2cf4360a5b\"\u003e\u003ccode\u003e311a331\u003c/code\u003e\u003c/a\u003e Fix issue with search_registered_models with Databricks UC backend not suppor...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mlflow/mlflow/compare/v2.19.0...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph` from 1.0.3 to 1.0.10rc1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph==1.0.10rc1\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.9\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMerge commit from fork\u003c/li\u003e\n\u003cli\u003echore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments  (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6864\"\u003e#6864\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003emake type\u003c/code\u003e target for type checking (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6748\"\u003e#6748\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.0.9\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.8\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: langgraph + prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6875\"\u003e#6875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: sequential interrupt handling w/ functional API (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6863\"\u003e#6863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: state_updated_at sort by (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6857\"\u003e#6857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: conformance testing (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6842\"\u003e#6842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6815\"\u003e#6815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6833\"\u003e#6833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6837\"\u003e#6837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6832\"\u003e#6832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: server runtime type (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6774\"\u003e#6774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor: replace bare except with BaseException in AsyncQueue (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6765\"\u003e#6765\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.0.8\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.7\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.0.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6757\"\u003e#6757\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: shallow copy futures (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6755\"\u003e#6755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: pydantic messages double streaming (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6753\"\u003e#6753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump ruff from 0.14.7 to 0.14.11 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6673\"\u003e#6673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: Omit lock when using connection pool (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6734\"\u003e#6734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: enhance \u003ccode\u003eRuntime\u003c/code\u003e and \u003ccode\u003eToolRuntime\u003c/code\u003e class descriptions for clarity (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: add clarity to use of \u003ccode\u003ethread_id\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6515\"\u003e#6515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: add docstrings to \u003ccode\u003eadd_node\u003c/code\u003e overloads (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6514\"\u003e#6514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: update notebook links and add archival notices for examples (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6720\"\u003e#6720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(cli): 0.4.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6716\"\u003e#6716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-prebuilt==1.0.8\u003c/h2\u003e\n\u003cp\u003eChanges since prebuilt==1.0.7\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: langgraph + prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6875\"\u003e#6875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: inject ToolRuntime for dynamically registered tools (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6874\"\u003e#6874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langchain-core from 1.2.12 to 1.2.13 in /libs/prebuilt in the all-dependencies group (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6849\"\u003e#6849\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: conformance testing (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6842\"\u003e#6842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/prebuilt with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6810\"\u003e#6810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: server runtime type (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6774\"\u003e#6774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs(prebuilt): update warning for \u003ccode\u003ecreate_react_agent\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6760\"\u003e#6760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.0.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6757\"\u003e#6757\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a04ec5d6f00fa6583b2d98dfe789da741204b767\"\u003e\u003ccode\u003ea04ec5d\u003c/code\u003e\u003c/a\u003e release: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/50df7d423abebcb5a192f0a59c2952c68cb0df8c\"\u003e\u003ccode\u003e50df7d4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/c4a4a4647343d802d0ab909439806076bae15bd6\"\u003e\u003ccode\u003ec4a4a46\u003c/code\u003e\u003c/a\u003e chore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f178eb821e52906e1705c9cc02533bb88854b409\"\u003e\u003ccode\u003ef178eb8\u003c/code\u003e\u003c/a\u003e fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/48167d7fec9c25228426c92ba83d8650b77de0f3\"\u003e\u003ccode\u003e48167d7\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6920\"\u003e#6920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/806878a421458e99f9882e666ff35a41ad1bb561\"\u003e\u003ccode\u003e806878a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8087e6a42c62c2049a5fb3f99372a8c601d07e08\"\u003e\u003ccode\u003e8087e6a\u003c/code\u003e\u003c/a\u003e docs(sdk-py): update auth docstrings to default-deny pattern (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6933\"\u003e#6933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8fbdb144876ec9ca75943c7addb452a2bb634304\"\u003e\u003ccode\u003e8fbdb14\u003c/code\u003e\u003c/a\u003e release(sdk-py): 0.3.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6932\"\u003e#6932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/5093802f319119be674c02269f9874df04558419\"\u003e\u003ccode\u003e5093802\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/b89ef60b91e019c3cb4422af1e3cc216804ccb20\"\u003e\u003ccode\u003eb89ef60\u003c/code\u003e\u003c/a\u003e feat(sdk-py): add extract parameter to threads.search() (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6880\"\u003e#6880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/1.0.3...1.0.10rc1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 1.22.0 to 1.23.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis release brings us up to speed with the latest MCP spec \u003ccode\u003e2025-11-25\u003c/code\u003e. Take a look at the \u003ca href=\"https://modelcontextprotocol.io/specification/2025-11-25\"\u003elatest spec\u003c/a\u003e as well as the release \u003ca href=\"https://blog.modelcontextprotocol.io/posts/2025-11-25-first-mcp-anniversary/\"\u003eblog post.\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tests for JSON Schema 2020-12 field preservation (SEP-1613) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1649\"\u003emodelcontextprotocol/python-sdk#1649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd client_secret_basic authentication support by \u003ca href=\"https://github.com/jonshea\"\u003e\u003ccode\u003e@​jonshea\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1334\"\u003emodelcontextprotocol/python-sdk#1334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1577 - Sampling With Tools by \u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1330: Elicitation Enum Schema Improvements and Standards Compliance by \u003ca href=\"https://github.com/chughtapan\"\u003e\u003ccode\u003e@​chughtapan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1246\"\u003emodelcontextprotocol/python-sdk#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[auth][conformance] add conformance auth client by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1640\"\u003emodelcontextprotocol/python-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-986: Tool name validation by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1655\"\u003emodelcontextprotocol/python-sdk#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: url for spec by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1659\"\u003emodelcontextprotocol/python-sdk#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: implement SEP-991 URL-based client ID (CIMD) support by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1652\"\u003emodelcontextprotocol/python-sdk#1652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate doc string on custom_route by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1660\"\u003emodelcontextprotocol/python-sdk#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1036: URL mode elicitation for secure out-of-band interactions by \u003ca href=\"https://github.com/cbcoutinho\"\u003e\u003ccode\u003e@​cbcoutinho\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1580\"\u003emodelcontextprotocol/python-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip empty SSE data to avoid parsing errors by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1670\"\u003emodelcontextprotocol/python-sdk#1670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1686: Tasks by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1645\"\u003emodelcontextprotocol/python-sdk#1645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd on_session_created callback option by \u003ca href=\"https://github.com/crondinini-ant\"\u003e\u003ccode\u003e@​crondinini-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1710\"\u003emodelcontextprotocol/python-sdk#1710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SSE polling support (SEP-1699) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1654\"\u003emodelcontextprotocol/python-sdk#1654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport client_credentials flow with JWT and Basic auth by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1663\"\u003emodelcontextprotocol/python-sdk#1663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: backwards-compatible create_message overloads for SEP-1577 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1713\"\u003emodelcontextprotocol/python-sdk#1713\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-enable DNS rebinding protection for localhost servers by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e  (d3a184119e4479ea6a63590bc41f01dc06e3fa99)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ehttps://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99\"\u003e\u003ccode\u003ed3a1841\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/fa851d93a2036a37cce73e098f7dbc80a6c48765\"\u003e\u003ccode\u003efa851d9\u003c/code\u003e\u003c/a\u003e feat: backwards-compatible create_message overloads for SEP-1577 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1713\"\u003e#1713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f82b0c937178815c1e96460455778578050c6d1a\"\u003e\u003ccode\u003ef82b0c9\u003c/code\u003e\u003c/a\u003e Support client_credentials flow with JWT and Basic auth (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1663\"\u003e#1663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/281fd4765e0fc2efaf2039d248c3bc0698416a8a\"\u003e\u003ccode\u003e281fd47\u003c/code\u003e\u003c/a\u003e Add SSE polling support (SEP-1699) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1654\"\u003e#1654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/2cd178a962ab454e3add228ecd721784b7b36e99\"\u003e\u003ccode\u003e2cd178a\u003c/code\u003e\u003c/a\u003e Add on_session_created callback option (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1710\"\u003e#1710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/c92bb2f7ffaa61813d7cc350887f4ece38307769\"\u003e\u003ccode\u003ec92bb2f\u003c/code\u003e\u003c/a\u003e SEP-1686: Tasks (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1645\"\u003e#1645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/5983a650cc07d2dc6c6ba098e99d3545889157a9\"\u003e\u003ccode\u003e5983a65\u003c/code\u003e\u003c/a\u003e Skip empty SSE data to avoid parsing errors (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1670\"\u003e#1670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/02b78899296ce3631565345501e3d956b83ffe94\"\u003e\u003ccode\u003e02b7889\u003c/code\u003e\u003c/a\u003e Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/27279bc157cbc03f7fe7758fd55a4b34c5652f42\"\u003e\u003ccode\u003e27279bc\u003c/code\u003e\u003c/a\u003e Update doc string on custom_route (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f22501315eab5b8358c603ac7f730f77bb09e4c4\"\u003e\u003ccode\u003ef225013\u003c/code\u003e\u003c/a\u003e feat: implement SEP-991 URL-based client ID (CIMD) support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1652\"\u003e#1652\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mlflow` from 2.22.0 to 3.9.0rc0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/releases\"\u003emlflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis version has been yanked. MLflow 3.1.3 will be released shortly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#1645...\n\n_Description has been truncated_","html_url":"https://github.com/preechapon250/ray/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/preechapon250%2Fray/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-03-30T20:24:14.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4173850764","node_id":"PR_kwDOOqpDzM7OvzvK","number":13,"state":"closed","title":"Bump the pip group across 4 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-01T21:20:14.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T20:24:14.000Z","updated_at":"2026-04-01T21:20:16.000Z","time_to_close":176160,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":5,"packages":[{"name":"pypdf","old_version":"5.6.0","new_version":"6.9.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"requests","old_version":"2.32.4","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"cryptography","old_version":"45.0.4","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"langchain-core","old_version":"0.3.64","new_version":"1.2.22","repository_url":"https://github.com/langchain-ai/langchain"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pypdf](https://github.com/py-pdf/pypdf) | `5.6.0` | `6.9.2` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `45.0.4` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.64` | `1.2.22` |\n\nBumps the pip group with 5 updates in the /1_foundations/community_contributions/weather-tool directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pypdf](https://github.com/py-pdf/pypdf) | `5.6.1` | `6.9.2` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `45.0.4` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.66` | `1.2.22` |\n\nBumps the pip group with 1 update in the /2_openai/community_contributions/sngo_deep_research_all_agents directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 2 updates in the /3_crew/community_contributions/conversational-debate directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `pypdf` from 5.6.0 to 6.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e) by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.7.5, 2026-03-02\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the performance of the ASCIIHexDecode filter (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3666\"\u003e#3666\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/da867f4961e4ac5ac9d751cba3131c5a1a8777f3\"\u003e\u003ccode\u003eda867f4\u003c/code\u003e\u003c/a\u003e REL: 6.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/02b1345f77fdbc006faccc301507df4fb1855413\"\u003e\u003ccode\u003e02b1345\u003c/code\u003e\u003c/a\u003e SEC: Avoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/3bef3393757d9ab711032cb07019ae3b8132ba42\"\u003e\u003ccode\u003e3bef339\u003c/code\u003e\u003c/a\u003e MAINT: Prefer bytearray over bytes in image_inline (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3692\"\u003e#3692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/04b0a38f56ade7ba8ab9ed2f2b83e86794a036d5\"\u003e\u003ccode\u003e04b0a38\u003c/code\u003e\u003c/a\u003e ROB: Resolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0e5157c2d9440c3594de43ffe27745eb474a2fb9\"\u003e\u003ccode\u003e0e5157c\u003c/code\u003e\u003c/a\u003e REL: 6.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0b5d05de59a055c132b435ee2375bc32ff04d48e\"\u003e\u003ccode\u003e0b5d05d\u003c/code\u003e\u003c/a\u003e SEC: Improve performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/87aa1d436b91c055f6ed1a4ed4146567e5db67b3\"\u003e\u003ccode\u003e87aa1d4\u003c/code\u003e\u003c/a\u003e DEV: Remove unused reverse encoding dicts (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3685\"\u003e#3685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/84f526622657d3da2068d5c05c0cba8746aec7b0\"\u003e\u003ccode\u003e84f5266\u003c/code\u003e\u003c/a\u003e MAINT: Use placeholder-based approach for logger_error (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3673\"\u003e#3673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/8f1f4aa8607a1e3b4730d67ca24e6b8f86bf526f\"\u003e\u003ccode\u003e8f1f4aa\u003c/code\u003e\u003c/a\u003e REL: 6.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5a9a0da71714c4361b38ebdcaf304291569d7a2f\"\u003e\u003ccode\u003e5a9a0da\u003c/code\u003e\u003c/a\u003e BUG: Avoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/5.6.0...6.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.4 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.4...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.64 to 1.2.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.2.22\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.21\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.22 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36201\"\u003e#36201\u003c/a\u003e)\nfix(core): validate paths in \u003ccode\u003eprompt.save\u003c/code\u003e and \u003ccode\u003eload_prompt\u003c/code\u003e, deprecate methods (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36200\"\u003e#36200\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.21\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.20\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.21 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36179\"\u003e#36179\u003c/a\u003e)\nfix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema drift (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36129\"\u003e#36129\u003c/a\u003e)\nchore(core): remove stale blockbuster allowlist for deleted context module (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36168\"\u003e#36168\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.20\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.19\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.20 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36085\"\u003e#36085\u003c/a\u003e)\nfix(core): trace invocation params in metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36080\"\u003e#36080\u003c/a\u003e)\nfeat: Add LangSmith integration metadata to create_agent and init_chat_model (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35810\"\u003e#35810\u003c/a\u003e)\nfeat(core): harden anti-ssrf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35960\"\u003e#35960\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\ndocs(core): document \u003ccode\u003ebase_url\u003c/code\u003e in mermaid api (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35961\"\u003e#35961\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35805\"\u003e#35805\u003c/a\u003e)\nchore: housekeeping (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35850\"\u003e#35850\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.19\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.18\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.19 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35832\"\u003e#35832\u003c/a\u003e)\nchore(core): move BaseCrossEncoder to langchain-core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35809\"\u003e#35809\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35775\"\u003e#35775\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.18\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.17\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.18 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35704\"\u003e#35704\u003c/a\u003e)\nfix(core): fix double backticks in deprecation docstring for alternative_import (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35658\"\u003e#35658\u003c/a\u003e)\nfix(core): preserve default_factory when generating tool call schema (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35550\"\u003e#35550\u003c/a\u003e)\nfeat(openai): support tool search (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35582\"\u003e#35582\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 7 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35605\"\u003e#35605\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.17\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.16\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.17 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35527\"\u003e#35527\u003c/a\u003e)\nfix(core): extract usage metadata from serialized tracer message outputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35526\"\u003e#35526\u003c/a\u003e)\nchore: bump the langchain-deps group across 3 directories with 7 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35513\"\u003e#35513\u003c/a\u003e)\nchore: bump the langchain-deps group across 3 directories with 14 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35441\"\u003e#35441\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d22df94537e4267f72dc1bbfc8e3849baf20d9f7\"\u003e\u003ccode\u003ed22df94\u003c/code\u003e\u003c/a\u003e release(core): 1.2.22 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36201\"\u003e#36201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf4096151130ba0d47c\"\u003e\u003ccode\u003e27add91\u003c/code\u003e\u003c/a\u003e fix(core): validate paths in \u003ccode\u003eprompt.save\u003c/code\u003e and \u003ccode\u003eload_prompt\u003c/code\u003e, deprecate metho...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7563fceb40ce31165524f3f57ec65e487c02b1a7\"\u003e\u003ccode\u003e7563fce\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36195\"\u003e#36195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/3e64c255b84b283b3a65216b19b9838734258c96\"\u003e\u003ccode\u003e3e64c25\u003c/code\u003e\u003c/a\u003e chore: use repo permissions instead of org membership for maintainer override...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/1778b082ecd64a9dedd48674d874ca1bfcbe4c7d\"\u003e\u003ccode\u003e1778b08\u003c/code\u003e\u003c/a\u003e chore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/ad574fce0d52740c249b0db7bde871d779ffb93d\"\u003e\u003ccode\u003ead574fc\u003c/code\u003e\u003c/a\u003e fix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36180\"\u003e#36180\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/19f81cf6f1d73f7adf156491ba0617497a526b8c\"\u003e\u003ccode\u003e19f81cf\u003c/code\u003e\u003c/a\u003e release(core): 1.2.21 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36179\"\u003e#36179\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6d07ef28a7023dc7b832fe52862f7a6fc0a187f3\"\u003e\u003ccode\u003e6d07ef2\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36178\"\u003e#36178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/2f64d80cc65091985873c339ca76a59af7baf739\"\u003e\u003ccode\u003e2f64d80\u003c/code\u003e\u003c/a\u003e fix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5ffece5c033365baf4a3df52ffed5c6bfbed27ee\"\u003e\u003ccode\u003e5ffece5\u003c/code\u003e\u003c/a\u003e chore(core): remove stale blockbuster allowlist for deleted context module (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.64...langchain-core==1.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 5.6.1 to 6.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e) by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.7.5, 2026-03-02\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the performance of the ASCIIHexDecode filter (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3666\"\u003e#3666\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/da867f4961e4ac5ac9d751cba3131c5a1a8777f3\"\u003e\u003ccode\u003eda867f4\u003c/code\u003e\u003c/a\u003e REL: 6.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/02b1345f77fdbc006faccc301507df4fb1855413\"\u003e\u003ccode\u003e02b1345\u003c/code\u003e\u003c/a\u003e SEC: Avoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/3bef3393757d9ab711032cb07019ae3b8132ba42\"\u003e\u003ccode\u003e3bef339\u003c/code\u003e\u003c/a\u003e MAINT: Prefer bytearray over bytes in image_inline (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3692\"\u003e#3692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/04b0a38f56ade7ba8ab9ed2f2b83e86794a036d5\"\u003e\u003ccode\u003e04b0a38\u003c/code\u003e\u003c/a\u003e ROB: Resolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0e5157c2d9440c3594de43ffe27745eb474a2fb9\"\u003e\u003ccode\u003e0e5157c\u003c/code\u003e\u003c/a\u003e REL: 6.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0b5d05de59a055c132b435ee2375bc32ff04d48e\"\u003e\u003ccode\u003e0b5d05d\u003c/code\u003e\u003c/a\u003e SEC: Improve performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/87aa1d436b91c055f6ed1a4ed4146567e5db67b3\"\u003e\u003ccode\u003e87aa1d4\u003c/code\u003e\u003c/a\u003e DEV: Remove unused reverse encoding dicts (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3685\"\u003e#3685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/84f526622657d3da2068d5c05c0cba8746aec7b0\"\u003e\u003ccode\u003e84f5266\u003c/code\u003e\u003c/a\u003e MAINT: Use placeholder-based approach for logger_error (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3673\"\u003e#3673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/8f1f4aa8607a1e3b4730d67ca24e6b8f86bf526f\"\u003e\u003ccode\u003e8f1f4aa\u003c/code\u003e\u003c/a\u003e REL: 6.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5a9a0da71714c4361b38ebdcaf304291569d7a2f\"\u003e\u003ccode\u003e5a9a0da\u003c/code\u003e\u003c/a\u003e BUG: Avoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/5.6.0...6.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.4 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.4...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.66 to 1.2.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.2.22\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.21\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.22 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36201\"\u003e#36201\u003c/a\u003e)\nfix(core): validate paths in \u003ccode\u003eprompt.save\u003c/code\u003e and \u003ccode\u003eload_prompt\u003c/code\u003e, deprecate methods (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36200\"\u003e#36200\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.21\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.20\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.21 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36179\"\u003e#36179\u003c/a\u003e)\nfix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema drift (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36129\"\u003e#36129\u003c/a\u003e)\nchore(core): remove stale blockbuster allowlist for deleted context module (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36168\"\u003e#36168\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.20\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.19\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.20 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36085\"\u003e#36085\u003c/a\u003e)\nfix(core): trace invocation params in metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36080\"\u003e#36080\u003c/a\u003e)\nfeat: Add LangSmith integration metadata to create_agent and init_chat_model (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35810\"\u003e#35810\u003c/a\u003e)\nfeat(core): harden anti-ssrf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35960\"\u003e#35960\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\ndocs(core): document \u003ccode\u003ebase_url\u003c/code\u003e in mermaid api (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35961\"\u003e#35961\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35805\"\u003e#35805\u003c/a\u003e)\nchore: housekeeping (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35850\"\u003e#35850\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.19\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.18\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.19 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35832\"\u003e#35832\u003c/a\u003e)\nchore(core): move BaseCrossEncoder to langchain-core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35809\"\u003e#35809\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35775\"\u003e#35775\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.18\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.17\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.18 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35704\"\u003e#35704\u003c/a\u003e)\nfix(core): fix double backticks in deprecation docstring for alternative_import (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35658\"\u003e#35658\u003c/a\u003e)\nfix(core): preserve default_factory when generating tool call schema (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35550\"\u003e#35550\u003c/a\u003e)\nfeat(openai): support tool search (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35582\"\u003e#35582\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 7 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35605\"\u003e#35605\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.17\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.16\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.17 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35527\"\u003e#35527\u003c/a\u003e)\nfix(core): extract usage metadata from serialized tracer message outputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35526\"\u003e#35526\u003c/a\u003e)\nchore: bump the langchain-deps group across 3 directories with 7 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35513\"\u003e#35513\u003c/a\u003e)\nchore: bump the langchain-deps group across 3 directories with 14 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35441\"\u003e#35441\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d22df94537e4267f72dc1bbfc8e3849baf20d9f7\"\u003e\u003ccode\u003ed22df94\u003c/code\u003e\u003c/a\u003e release(core): 1.2.22 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36201\"\u003e#36201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf4096151130ba0d47c\"\u003e\u003ccode\u003e27add91\u003c/code\u003e\u003c/a\u003e fix(core): validate paths in \u003ccode\u003eprompt.save\u003c/code\u003e and \u003ccode\u003eload_prompt\u003c/code\u003e, deprecate metho...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7563fceb40ce31165524f3f57ec65e487c02b1a7\"\u003e\u003ccode\u003e7563fce\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36195\"\u003e#36195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/3e64c255b84b283b3a65216b19b9838734258c96\"\u003e\u003ccode\u003e3e64c25\u003c/code\u003e\u003c/a\u003e chore: use repo permissions instead of org membership for maintainer override...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/1778b082ecd64a9dedd48674d874ca1bfcbe4c7d\"\u003e\u003ccode\u003e1778b08\u003c/code\u003e\u003c/a\u003e chore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/l...\n\n_Description has been truncated_","html_url":"https://github.com/RailDevOps/agents/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RailDevOps%2Fagents/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-03-30T20:21:42.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4173836593","node_id":"PR_kwDOPVjG2c7Ovw5_","number":22,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-30T20:23:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T20:21:42.000Z","updated_at":"2026-03-30T20:23:59.000Z","time_to_close":135,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":13,"packages":[{"name":"nltk","old_version":"3.9.1","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"black","old_version":"25.9.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"deepdiff","old_version":"8.6.1","new_version":"8.6.2","repository_url":"https://github.com/qlustered/deepdiff"},{"name":"dynaconf","old_version":"3.2.12","new_version":"3.2.13","repository_url":"https://github.com/dynaconf/dynaconf"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"google-cloud-aiplatform","old_version":"1.120.0","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"langgraph-checkpoint","old_version":"2.1.2","new_version":"4.0.0","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"protobuf","old_version":"5.29.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"tornado","old_version":"6.5.2","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"ujson","old_version":"5.11.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [black](https://github.com/psf/black) | `25.9.0` | `26.3.1` |\n| [deepdiff](https://github.com/qlustered/deepdiff) | `8.6.1` | `8.6.2` |\n| [dynaconf](https://github.com/dynaconf/dynaconf) | `3.2.12` | `3.2.13` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.120.0` | `1.133.0` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.1.2` | `4.0.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.22` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.2` | `6.5.5` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.11.0` | `5.12.0` |\n\n\nUpdates `nltk` from 3.9.1 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 25.9.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/25.9.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.6.1 to 8.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qlustered/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e8.6.2 - Fix (CVE-2025-58367)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/0d07ec21d12b46ef4e489383b363eadc22d990fb\"\u003e\u003ccode\u003e0d07ec2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/791f5aac51b2da7f90375ab204256ef6a6b40206\"\u003e\u003ccode\u003e791f5aa\u003c/code\u003e\u003c/a\u003e updating CVE number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a6aafea3ba5498aab6f9c77047c54949e7e968ae\"\u003e\u003ccode\u003ea6aafea\u003c/code\u003e\u003c/a\u003e updating docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a0950abbe6263298bc4bdbc3ebb57edc1af079b4\"\u003e\u003ccode\u003ea0950ab\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.1 → 8.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/887128abe5e510341cc4a82f6914a82d5ff1b6a7\"\u003e\u003ccode\u003e887128a\u003c/code\u003e\u003c/a\u003e Fix (CVE-2025-58367)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/qlustered/deepdiff/compare/8.6.1...8.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dynaconf` from 3.2.12 to 3.2.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dynaconf/dynaconf/releases\"\u003edynaconf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.2.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e@jinja\u003c/code\u003e and \u003ccode\u003e@format\u003c/code\u003e templating vulnerabilities. *By \u003ca href=\"https://github.com/pedro-psb\"\u003e\u003ccode\u003e@​pedro-psb\u003c/code\u003e\u003c/a\u003e *.\u003c/li\u003e\n\u003cli\u003eFix failing \u003ccode\u003e@get\u003c/code\u003e converter. *By \u003ca href=\"https://github.com/rochacbruno\"\u003e\u003ccode\u003e@​rochacbruno\u003c/code\u003e\u003c/a\u003e *\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dynaconf/dynaconf/compare/3.2.12...3.2.13\"\u003ehttps://github.com/dynaconf/dynaconf/compare/3.2.12...3.2.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dynaconf/dynaconf/blob/3.2.13/CHANGELOG.md\"\u003edynaconf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/pedro-psb/dynaconf/releases/tag/3.2.13\"\u003e3.2.13\u003c/a\u003e - 2026-03-17\u003c/h2\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix linting errors and pre-commit config. \u003cem\u003eBy Pedro Brochado\u003c/em\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dynaconf/dynaconf/commit/3c39a2cc910e4e018f9c745494b019e979f587d1\"\u003e\u003ccode\u003e3c39a2c\u003c/code\u003e\u003c/a\u003e Release version 3.2.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dynaconf/dynaconf/commit/379fc67bdba3b35a6849db06683c7b4232d28489\"\u003e\u003ccode\u003e379fc67\u003c/code\u003e\u003c/a\u003e chore: fix linting errors and pre-commit config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dynaconf/dynaconf/commit/2fbb45ee36b8c0caa5b924fe19f3c1a5e8603fa7\"\u003e\u003ccode\u003e2fbb45e\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://github.com/jinja\"\u003e\u003ccode\u003e@​jinja\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/format\"\u003e\u003ccode\u003e@​format\u003c/code\u003e\u003c/a\u003e templating vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dynaconf/dynaconf/commit/8547454cdf46dcc032a2fb46dad57fdb0235ec22\"\u003e\u003ccode\u003e8547454\u003c/code\u003e\u003c/a\u003e backport \u003ca href=\"https://redirect.github.com/dynaconf/dynaconf/issues/1347\"\u003e#1347\u003c/a\u003e fix failing get converter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dynaconf/dynaconf/commit/83c1690cfc540347605d2fc55fec3a70488c5eba\"\u003e\u003ccode\u003e83c1690\u003c/code\u003e\u003c/a\u003e Bump to version 3.2.13-dev0\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dynaconf/dynaconf/compare/3.2.12...3.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.120.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix RagManagedVertexVectorSearch when using backend_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/df0976ed3195dc8313f4728bc5ecb29dda55d467\"\u003edf0976e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - patch for vulnerability in visualization (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8a00d43dbd24e95dbab6ea32c63ce0a5a1849480\"\u003e8a00d43\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/78f2bdd08bae0696923e61ab73080b5846c67ae0\"\u003e\u003ccode\u003e78f2bdd\u003c/code\u003e\u003c/a\u003e chore(main): release 1.133.0 (\u003ca href=\"https://redirect.github.com/googleapis/python-aiplatform/issues/6211\"\u003e#6211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003e\u003ccode\u003ec8c0f0f\u003c/code\u003e\u003c/a\u003e fix: Add None check for agent_info in evals.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/9952b970b73cfe38e68c48b3699ee4e1df0264df\"\u003e\u003ccode\u003e9952b97\u003c/code\u003e\u003c/a\u003e chore: rollback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e\u003ccode\u003e83f4076\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/937d5af6b9bdbbe3b50181745c99550f124ad8b4\"\u003e\u003ccode\u003e937d5af\u003c/code\u003e\u003c/a\u003e Copybara import of the project:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/aaaf902be02747cd2281196aad6278df0fd11f7e\"\u003e\u003ccode\u003eaaaf902\u003c/code\u003e\u003c/a\u003e chore: bump google-auth lower bound to 2.47.0 in GenAI and Vertex SDKs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e\u003ccode\u003e8c876ef\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e\u003ccode\u003e5448f06\u003c/code\u003e\u003c/a\u003e fix: Require uri or staging bucket configuration for saving model to Vertex E...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e\u003ccode\u003e65717fa\u003c/code\u003e\u003c/a\u003e feat: GenAI SDK client(memory): Add enable_third_person_memories\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003e\u003ccode\u003ebe2eaaa\u003c/code\u003e\u003c/a\u003e fix: GenAI client(evals) - Fix TypeError in _build_generate_content_config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.120.0...v1.133.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph-checkpoint` from 2.1.2 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph-checkpoint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph-checkpoint==4.0.0\u003c/h2\u003e\n\u003cp\u003eChanges since checkpoint==3.0.1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(checkpoint): InMemorySaver context managers should return self in… (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6529\"\u003e#6529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: docstring for serializer protocol (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6525\"\u003e#6525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: clean up some refs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6487\"\u003e#6487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003epyproject.toml\u003c/code\u003e links (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6364\"\u003e#6364\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.5\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.4\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(checkpoint-postgres): 3.0.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7221\"\u003e#7221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: re-use connection (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7220\"\u003e#7220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump ruff from 0.15.5 to 0.15.6 in /libs/checkpoint-postgres in the all-dependencies group (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7194\"\u003e#7194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7071\"\u003e#7071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(checkpoint):  0.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6966\"\u003e#6966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add serde events (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6954\"\u003e#6954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update defaults (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6953\"\u003e#6953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: rc2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6949\"\u003e#6949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMerge commit from fork\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/checkpoint-postgres with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6916\"\u003e#6916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003emake type\u003c/code\u003e target for type checking (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6748\"\u003e#6748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langchain-core from 1.2.7 to 1.2.11 in /libs/checkpoint-postgres (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6831\"\u003e#6831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/checkpoint-postgres with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6808\"\u003e#6808\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.4\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003echore: Omit lock when using connection pool (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6734\"\u003e#6734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): upgrade dependencies with \u003ccode\u003euv lock --upgrade\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6671\"\u003e#6671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update twitter URLs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6683\"\u003e#6683\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.3\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: storage nits (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6651\"\u003e#6651\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-sqlite==3.0.3\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointsqlite==3.0.2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: aiosqlite's breaking change (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): upgrade dependencies with \u003ccode\u003euv lock --upgrade\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6671\"\u003e#6671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update twitter URLs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6683\"\u003e#6683\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.2\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.1\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f91d79d0c86932ded6e3b9f195d5a0bbd5aef99c\"\u003e\u003ccode\u003ef91d79d\u003c/code\u003e\u003c/a\u003e fix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/cb2faa7dda0f2ea49d2729361e1802fb233feaa5\"\u003e\u003ccode\u003ecb2faa7\u003c/code\u003e\u003c/a\u003e fix(prebuilt): support generic type arguments for ToolRuntime injection (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6509\"\u003e#6509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a5827c5c6193669d3063897e1845a45cfb90d732\"\u003e\u003ccode\u003ea5827c5\u003c/code\u003e\u003c/a\u003e fix: change default recursion limit (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6676\"\u003e#6676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/5212369bd0791806083f183cb19ccce024db8790\"\u003e\u003ccode\u003e5212369\u003c/code\u003e\u003c/a\u003e feat(sdk-py): add end-time to crons client (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6674\"\u003e#6674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/7045a23148bfb7c7de825776531d163f22241aaa\"\u003e\u003ccode\u003e7045a23\u003c/code\u003e\u003c/a\u003e fix: add \u003ccode\u003estate\u003c/code\u003e attribute to \u003ccode\u003eToolCallRequest\u003c/code\u003e overrides (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6668\"\u003e#6668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/728db10b1f38c9c56f097d2847f0330977d5eba2\"\u003e\u003ccode\u003e728db10\u003c/code\u003e\u003c/a\u003e fix: suppress unintended deprecation warning (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6669\"\u003e#6669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/454af218968b2962b4beeb9a28b9d421f0610694\"\u003e\u003ccode\u003e454af21\u003c/code\u003e\u003c/a\u003e feat(sdk-py): cron.on_run_completed support (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/b4630d84520e5f8b6c6580f15cd7dada214ef657\"\u003e\u003ccode\u003eb4630d8\u003c/code\u003e\u003c/a\u003e chore: delete docs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6488\"\u003e#6488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/311465bbf7751829942b92bc28c5a79e0666710f\"\u003e\u003ccode\u003e311465b\u003c/code\u003e\u003c/a\u003e fix: sanitize namespace for deeply nested graph jumps (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6665\"\u003e#6665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8ccead9560f6cd76537f632d7a310ba41e38f28b\"\u003e\u003ccode\u003e8ccead9\u003c/code\u003e\u003c/a\u003e docs: x-refs and explainer in tool node docs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6653\"\u003e#6653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/checkpoint==2.1.2...checkpoint==4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuatio...\n\n_Description has been truncated_","html_url":"https://github.com/philipgabrielromano/langflow/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/philipgabrielromano%2Flangflow/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-03-30T04:38:58.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4167268894","node_id":"PR_kwDORju0hs7Oeyzw","number":20,"state":"closed","title":"Bump the pip-dependencies group across 1 directory with 24 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-06T04:37:20.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T04:38:58.000Z","updated_at":"2026-04-06T04:37:21.000Z","time_to_close":604702,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip-dependencies","update_count":24,"packages":[{"name":"torch","old_version":"2.7.1+cpu","new_version":"2.11.0+cpu"},{"name":"sentence-transformers","old_version":"5.2.3","new_version":"5.3.0","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"transformers","old_version":"5.3.0","new_version":"5.4.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"numpy","old_version":"2.4.3","new_version":"2.4.4","repository_url":"https://github.com/numpy/numpy"},{"name":"hdbscan","old_version":"0.8.41","new_version":"0.8.42","repository_url":"https://github.com/scikit-learn-contrib/hdbscan"},{"name":"alembic","old_version":"1.14.0","new_version":"1.18.4","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"email-validator","old_version":"2.2.0","new_version":"2.3.0","repository_url":"https://github.com/JoshData/python-email-validator"},{"name":"fastapi","old_version":"0.115.0","new_version":"0.135.2","repository_url":"https://github.com/fastapi/fastapi"},{"name":"psycopg2-binary","old_version":"2.9.10","new_version":"2.9.11","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic-settings","old_version":"2.6.1","new_version":"2.13.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.44.0","repository_url":"https://github.com/pydantic/pydantic-core"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-jose","old_version":"3.3.0","new_version":"3.5.0","repository_url":"https://github.com/mpdavis/python-jose"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"sqlalchemy","old_version":"2.0.36","new_version":"2.0.48","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"starlette","old_version":"0.38.6","new_version":"1.0.0","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.30.6","new_version":"0.42.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"celery","old_version":"5.4.0","new_version":"5.6.3","repository_url":"https://github.com/celery/celery"},{"name":"redis","old_version":"5.2.0","new_version":"7.4.0","repository_url":"https://github.com/redis/redis-py"},{"name":"kombu","old_version":"5.3.4","new_version":"5.6.2","repository_url":"https://github.com/celery/kombu"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-dependencies group with 24 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| torch | `2.7.1+cpu` | `2.11.0+cpu` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.2.3` | `5.3.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.3.0` | `5.4.0` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.3` | `2.4.4` |\n| [hdbscan](https://github.com/scikit-learn-contrib/hdbscan) | `0.8.41` | `0.8.42` |\n| [alembic](https://github.com/sqlalchemy/alembic) | `1.14.0` | `1.18.4` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [email-validator](https://github.com/JoshData/python-email-validator) | `2.2.0` | `2.3.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.115.0` | `0.135.2` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.10` | `2.9.11` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.6.1` | `2.13.1` |\n| [pydantic-core](https://github.com/pydantic/pydantic-core) | `2.41.5` | `2.44.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.5.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.36` | `2.0.48` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `1.0.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.30.6` | `0.42.0` |\n| [celery](https://github.com/celery/celery) | `5.4.0` | `5.6.3` |\n| [redis](https://github.com/redis/redis-py) | `5.2.0` | `7.4.0` |\n| [kombu](https://github.com/celery/kombu) | `5.3.4` | `5.6.2` |\n\n\nUpdates `torch` from 2.7.1+cpu to 2.11.0+cpu\n\nUpdates `sentence-transformers` from 5.2.3 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/sentence-transformers/releases\"\u003esentence-transformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0 - Improved Contrastive Learning, New Losses, and Transformers v5 Compatibility\u003c/h2\u003e\n\u003cp\u003eThis minor version brings several improvements to contrastive learning: \u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e now supports alternative InfoNCE formulations (symmetric, GTE-style) and optional hardness weighting for harder negatives. Two new losses are introduced, \u003ccode\u003eGlobalOrthogonalRegularizationLoss\u003c/code\u003e for embedding space regularization and \u003ccode\u003eCachedSpladeLoss\u003c/code\u003e for memory-efficient SPLADE training. The release also adds a faster hashed batch sampler, fixes \u003ccode\u003eGroupByLabelBatchSampler\u003c/code\u003e for triplet losses, and ensures full compatibility with the latest Transformers v5 versions.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e# Training + Inference\r\npip install sentence-transformers[train]==5.3.0\r\n\u003ch1\u003eInference only, use one of:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers==5.3.0\npip install sentence-transformers[onnx-gpu]==5.3.0\npip install sentence-transformers[onnx]==5.3.0\npip install sentence-transformers[openvino]==5.3.0\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eUpdated MultipleNegativesRankingLoss (a.k.a. InfoNCE)\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e received two major upgrades: support for alternative InfoNCE formulations from the literature, and optional hardness weighting to up-weight harder negatives.\u003c/p\u003e\n\u003ch3\u003eSupport other InfoNCE variants (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3607\"\u003e#3607\u003c/a\u003e)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eMultipleNegativesRankingLoss\u003c/code\u003e now supports several well-known contrastive loss variants from the literature through new \u003ccode\u003edirections\u003c/code\u003e and \u003ccode\u003epartition_mode\u003c/code\u003e parameters. Previously, this loss only supported the standard forward direction (query → doc). You can now configure which similarity interactions are included in the loss:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;query_to_doc\u0026quot;\u003c/code\u003e (default): For each query, its matched document should score higher than all other documents.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;doc_to_query\u0026quot;\u003c/code\u003e: The symmetric reverse — for each document, its matched query should score higher than all other queries.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;query_to_query\u0026quot;\u003c/code\u003e: For each query, all other queries should score lower than its matched document.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e\u0026quot;doc_to_doc\u0026quot;\u003c/code\u003e: For each document, all other documents should score lower than its matched query.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe \u003ccode\u003epartition_mode\u003c/code\u003e controls how scores are normalized: \u003ccode\u003e\u0026quot;joint\u0026quot;\u003c/code\u003e computes a single softmax over all directions, while \u003ccode\u003e\u0026quot;per_direction\u0026quot;\u003c/code\u003e computes a separate softmax per direction and averages the losses.\u003c/p\u003e\n\u003cp\u003eThese combine to reproduce several loss formulations from the literature:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eStandard InfoNCE\u003c/strong\u003e (default, unchanged behavior):\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(model)\r\n# equivalent to directions=(\u0026quot;query_to_doc\u0026quot;,), partition_mode=\u0026quot;joint\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eSymmetric InfoNCE\u003c/strong\u003e (\u003ca href=\"https://arxiv.org/abs/2310.19923\"\u003eGünther et al. 2024\u003c/a\u003e) — adds the reverse direction so both queries and documents are trained to find their match:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(\r\n    model,\r\n    directions=(\u0026quot;query_to_doc\u0026quot;, \u0026quot;doc_to_query\u0026quot;),\r\n    partition_mode=\u0026quot;per_direction\u0026quot;,\r\n)\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eGTE improved contrastive loss\u003c/strong\u003e (\u003ca href=\"https://arxiv.org/abs/2308.03281\"\u003eLi et al. 2023\u003c/a\u003e) — adds same-type negatives (query \u0026lt;-\u0026gt; query, doc \u0026lt;-\u0026gt; doc) for a stronger training signal, especially useful with pairs-only data:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003eloss = MultipleNegativesRankingLoss(\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/ce48ecc77f8c7ed97c8fcc3cd99fde6071206680\"\u003e\u003ccode\u003ece48ecc\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into v5.3-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/cec08f89aabaa11a1675529fb7b11618c8255622\"\u003e\u003ccode\u003ecec08f8\u003c/code\u003e\u003c/a\u003e Fix citation for EmbeddingGemma paper (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/c29b3a69f7eca78d613fc2e465989ee880216c8d\"\u003e\u003ccode\u003ec29b3a6\u003c/code\u003e\u003c/a\u003e Release v5.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/55c13de47ea9475b1416a34af36716cc477bd95f\"\u003e\u003ccode\u003e55c13de\u003c/code\u003e\u003c/a\u003e Prep docs main page for v5.3.0 (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/72e75f7868700a768f6c57fb16e76b18df250f72\"\u003e\u003ccode\u003e72e75f7\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003etests\u003c/code\u003e] Add slow reproduction tests for most common models (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/237e44151758a9b4eb86b1ecd73152884073549a\"\u003e\u003ccode\u003e237e441\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Fix model card generation with set_transform with new column names (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/7f180b4b7146af66e2b043cdaa89bf87babe28bc\"\u003e\u003ccode\u003e7f180b4\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efeat\u003c/code\u003e] Add hardness-weighted contrastive learning to losses (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3667\"\u003e#3667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/58900864d51cde2f918885587709b2466938422c\"\u003e\u003ccode\u003e5890086\u003c/code\u003e\u003c/a\u003e Disallow query_to_query/doc_to_doc with partition_mode=\u0026quot;per_direction\u0026quot; due to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/6518c36671294b2125506f0d382d04102f739c91\"\u003e\u003ccode\u003e6518c36\u003c/code\u003e\u003c/a\u003e CE trainer: Removed IterableDataset from train and eval dataset type hints (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/1e0e84cbfb5483ffe1a5ff7db459c67a61487f3f\"\u003e\u003ccode\u003e1e0e84c\u003c/code\u003e\u003c/a\u003e Add tips for adjusting batch size to improve processing speed (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.2.3...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 5.3.0 to 5.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/transformers/releases\"\u003etransformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v5.4.0: PaddlePaddle models 🙌, Mistral 4, PI0, VidEoMT, UVDoc, SLANeXt, Jina Embeddings v3\u003c/h2\u003e\n\u003ch2\u003eNew Model additions\u003c/h2\u003e\n\u003ch3\u003eVidEoMT\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eVideo Encoder-only Mask Transformer (VidEoMT) is a lightweight encoder-only model for online video segmentation built on a plain Vision Transformer (ViT). It eliminates the need for dedicated tracking modules by introducing a lightweight query propagation mechanism that carries information across frames and employs a query fusion strategy that combines propagated queries with temporally-agnostic learned queries. VidEoMT achieves competitive accuracy while being 5x-10x faster than existing approaches, running at up to 160 FPS with a ViT-L backbone.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/videomt\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2602.17807\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd VidEoMT (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44285\"\u003e#44285\u003c/a\u003e) by \u003ca href=\"https://github.com/NielsRogge\"\u003e\u003ccode\u003e@​NielsRogge\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/44285\"\u003e#44285\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eUVDoc\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eUVDoc is a machine learning model designed for document image rectification and correction. The main purpose of this model is to carry out geometric transformation on images to correct document distortion, inclination, perspective deformation and other problems in document images. It provides both single input and batched inference capabilities for processing distorted document images.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/uvdoc\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Model] Add UVDoc Model Support (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/43385\"\u003e#43385\u003c/a\u003e) by \u003ca href=\"https://github.com/XingweiDeng\"\u003e\u003ccode\u003e@​XingweiDeng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/43385\"\u003e#43385\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eJina Embeddings v3\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eThe Jina-Embeddings-v3 is a multilingual, multi-task text embedding model designed for a variety of NLP applications. Based on the XLM-RoBERTa architecture, this model supports Rotary Position Embeddings (RoPE) replacing absolute position embeddings to support long input sequences up to 8192 tokens. Additionally, it features 5 built-in Task-Specific LoRA Adapters that allow the model to generate task-specific embeddings (e.g., for retrieval vs. classification) without increasing inference latency significantly.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/jina_embeddings_v3\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2409.10173\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eJina-Embeddings-V3\u003c/code\u003e Model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44251\"\u003e#44251\u003c/a\u003e) by \u003ca href=\"https://github.com/Sai-Suraj-27\"\u003e\u003ccode\u003e@​Sai-Suraj-27\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/44251\"\u003e#44251\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMistral4\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eMistral 4 is a powerful hybrid model with the capability of acting as both a general instruction model and a reasoning model. It unifies the capabilities of three different model families - Instruct, Reasoning (previously called Magistral), and Devstral - into a single, unified model. The model features a MoE architecture with 128 experts and 4 active, 119B parameters with 6.5B activated per token, 256k context length, and supports multimodal input with both text and image processing capabilities.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/mistral4\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Mistral 4 (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44760\"\u003e#44760\u003c/a\u003e) by \u003ca href=\"https://github.com/juliendenize\"\u003e\u003ccode\u003e@​juliendenize\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/44760\"\u003e#44760\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePI0\u003c/h3\u003e\n\u003cp\u003ePI0 is a vision-language-action model for robotics manipulation that jointly processes visual observations and language instructions to generate robot actions. It uses a novel flow matching architecture built on top of a pre-trained vision-language model to inherit Internet-scale semantic knowledge. The model can perform complex dexterous tasks like laundry folding, table cleaning, and assembling boxes across multiple robot platforms including single-arm robots, dual-arm robots, and mobile manipulators.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/pi0\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2410.24164\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd model lerobot PI0 to transformers (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44160\"\u003e#44160\u003c/a\u003e) by \u003ca href=\"https://github.com/molbap\"\u003e\u003ccode\u003e@​molbap\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/44160\"\u003e#44160\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSLANeXt\u003c/h3\u003e\n\u003cp\u003eSLANeXt is a series of dedicated lightweight models for table structure recognition, focusing on accurately recognizing table structures in documents and natural scenes. The SLANeXt series is a new generation of table structure recognition models independently developed by the Baidu PaddlePaddle Vision Team, with dedicated weights trained separately for wired and wireless tables. The recognition ability for all types of tables has been significantly improved, especially for wired tables.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/276f1402020831d949c2e1a80574a5603995de23\"\u003e\u003ccode\u003e276f140\u003c/code\u003e\u003c/a\u003e v5.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/16d437e43adffaef9cd60070563f2afe6a5703a4\"\u003e\u003ccode\u003e16d437e\u003c/code\u003e\u003c/a\u003e fix: protect torch imports in processing files and fix import guards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/97b7727e1129bcaebe42ce57ce37fa1a48847a89\"\u003e\u003ccode\u003e97b7727\u003c/code\u003e\u003c/a\u003e Fix release full (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45029\"\u003e#45029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/78bdaf0b39c29737b9ca48a274ef4a34bdafd4d1\"\u003e\u003ccode\u003e78bdaf0\u003c/code\u003e\u003c/a\u003e Add cohere asr (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45023\"\u003e#45023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e895107784ea68cd80e101acda5eb53aa07b9392\"\u003e\u003ccode\u003ee895107\u003c/code\u003e\u003c/a\u003e docs: add PermuteForRope to conversion operations reverse table (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45035\"\u003e#45035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/67100ccaad9b406d05a1214d95293cb0623b7890\"\u003e\u003ccode\u003e67100cc\u003c/code\u003e\u003c/a\u003e [CB] Persistent manager (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44435\"\u003e#44435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/69f9d552e9f7977291e707f1ae260c64193ea6ab\"\u003e\u003ccode\u003e69f9d55\u003c/code\u003e\u003c/a\u003e Add BC for \u003ccode\u003e_further_process_kwargs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45033\"\u003e#45033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e3f7cc3b4a5499c52ad56c72cad295de562f5b54\"\u003e\u003ccode\u003ee3f7cc3\u003c/code\u003e\u003c/a\u003e Use multi runners to check new failing tests in a CI run (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45032\"\u003e#45032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/882ffdbbd6b8ad50feaa860d702e70950cfc95d0\"\u003e\u003ccode\u003e882ffdb\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Use the correct _tied_weights_keys for CamembertForCausalLM (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45031\"\u003e#45031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/d81ad48109331f910fd81f699869855cbd50f681\"\u003e\u003ccode\u003ed81ad48\u003c/code\u003e\u003c/a\u003e change dev ver. we forgot to do this when we released 5.3.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.3.0...v5.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `numpy` from 2.4.3 to 2.4.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.4.4 (Mar 29, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.4 Release Notes\u003c/h1\u003e\n\u003cp\u003eThe NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3\nrelease. It should finally close issue \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30816\"\u003e#30816\u003c/a\u003e, the OpenBLAS threading problem\non ARM.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 8 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eDaniel Haag +\u003c/li\u003e\n\u003cli\u003eDenis Prokopenko +\u003c/li\u003e\n\u003cli\u003eHarshith J +\u003c/li\u003e\n\u003cli\u003eKoki Watanabe\u003c/li\u003e\n\u003cli\u003eMarten van Kerkwijk\u003c/li\u003e\n\u003cli\u003eMatti Picus\u003c/li\u003e\n\u003cli\u003eNathan Goldbaum\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 7 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/30978\"\u003e#30978\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31049\"\u003e#31049\u003c/a\u003e: BUG: Add test to reproduce problem described in \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30816\"\u003e#30816\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30818\"\u003e#30818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31052\"\u003e#31052\u003c/a\u003e: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31035\"\u003e#31035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31053\"\u003e#31053\u003c/a\u003e: BUG: avoid warning on ufunc with where=True and no output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31058\"\u003e#31058\u003c/a\u003e: DOC: document caveats of ndarray.resize on 3.14 and newer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31079\"\u003e#31079\u003c/a\u003e: TST: fix POWER VSX feature mapping (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30801\"\u003e#30801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31084\"\u003e#31084\u003c/a\u003e: MAINT: numpy.i: Replace deprecated \u003ccode\u003esprintf\u003c/code\u003e with \u003ccode\u003esnprintf\u003c/code\u003e...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/be93fe2960dbf49b4647f5783c66d967fb2c65b5\"\u003e\u003ccode\u003ebe93fe2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31090\"\u003e#31090\u003c/a\u003e from charris/prepare-2.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/f5245dc7ea5c6279c59cb0d5de81113229841290\"\u003e\u003ccode\u003ef5245dc\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/02e838ba270a5ca3dd8afc5a31c090cd34a56615\"\u003e\u003ccode\u003e02e838b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31084\"\u003e#31084\u003c/a\u003e from charris/backport-31056\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/fa74b2d05f8f7604bf6635d5280c3216c8ec667f\"\u003e\u003ccode\u003efa74b2d\u003c/code\u003e\u003c/a\u003e MAINT: numpy.i: Replace deprecated \u003ccode\u003esprintf\u003c/code\u003e with \u003ccode\u003esnprintf\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31056\"\u003e#31056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/533a6db96dfa2556a61102a58c35fd64eaf3fa2b\"\u003e\u003ccode\u003e533a6db\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31079\"\u003e#31079\u003c/a\u003e from charris/backport-20801\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9e496cbd0a281195bd779ae1833f2a8f4a1d46a7\"\u003e\u003ccode\u003e9e496cb\u003c/code\u003e\u003c/a\u003e TST: fix POWER VSX feature mapping (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/30801\"\u003e#30801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8052c4b69ef18e582709af946f93f9e58b848f39\"\u003e\u003ccode\u003e8052c4b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31058\"\u003e#31058\u003c/a\u003e from charris/backport-31021\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/7f13b5ad2b69fd6ea6aa3af7036b2dcf98e96486\"\u003e\u003ccode\u003e7f13b5a\u003c/code\u003e\u003c/a\u003e MAINT: Skip test on PyPy.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/4c5fdd66c8f379a1e2b3f40fa62bd0b87769d1c7\"\u003e\u003ccode\u003e4c5fdd6\u003c/code\u003e\u003c/a\u003e MAINT: Remove unused import of tracemalloc.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/a3ca5ed354b26e0fd6e35bf29765a24271ed7c3a\"\u003e\u003ccode\u003ea3ca5ed\u003c/code\u003e\u003c/a\u003e Update numpy/_core/src/multiarray/shape.c\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.3...v2.4.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hdbscan` from 0.8.41 to 0.8.42\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/releases\"\u003ehdbscan's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erelease-0.8.42\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix outlier scores by \u003ca href=\"https://github.com/JelmerBot\"\u003e\u003ccode\u003e@​JelmerBot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/697\"\u003escikit-learn-contrib/hdbscan#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid escape sequences in docstring by \u003ca href=\"https://github.com/timmooren\"\u003e\u003ccode\u003e@​timmooren\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/698\"\u003escikit-learn-contrib/hdbscan#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCI: Build Windows wheels for CPython 3.10–3.13 (GitHub Actions) by \u003ca href=\"https://github.com/andrijajovanovic98\"\u003e\u003ccode\u003e@​andrijajovanovic98\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/699\"\u003escikit-learn-contrib/hdbscan#699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid escape sequence warning in robust_single_linkage docstring by \u003ca href=\"https://github.com/bentoviml\"\u003e\u003ccode\u003e@​bentoviml\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/703\"\u003escikit-learn-contrib/hdbscan#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse manylinux_2_8 to build wheels on linux by \u003ca href=\"https://github.com/gclendenning\"\u003e\u003ccode\u003e@​gclendenning\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/701\"\u003escikit-learn-contrib/hdbscan#701\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timmooren\"\u003e\u003ccode\u003e@​timmooren\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/698\"\u003escikit-learn-contrib/hdbscan#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andrijajovanovic98\"\u003e\u003ccode\u003e@​andrijajovanovic98\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/699\"\u003escikit-learn-contrib/hdbscan#699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bentoviml\"\u003e\u003ccode\u003e@​bentoviml\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/pull/703\"\u003escikit-learn-contrib/hdbscan#703\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\"\u003ehttps://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/f62160e304b0dd45f58c93de9dc75c5d2c4c2d0b\"\u003e\u003ccode\u003ef62160e\u003c/code\u003e\u003c/a\u003e Update setup.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/1b8973f0c90161164b6d1e86f979551b65be3e68\"\u003e\u003ccode\u003e1b8973f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/701\"\u003e#701\u003c/a\u003e from gclendenning/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/8b0f0684ad1640065259bdd2de02f7e19193c5c4\"\u003e\u003ccode\u003e8b0f068\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/703\"\u003e#703\u003c/a\u003e from bentoviml/fix-docstring-escape-warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/536440435510ba6fd7a0262bba1e2b0468cc7c32\"\u003e\u003ccode\u003e5364404\u003c/code\u003e\u003c/a\u003e Fix invalid escape sequence warning in robust_single_linkage docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/a651934d04230f83999bb4d14e532759879e03e9\"\u003e\u003ccode\u003ea651934\u003c/code\u003e\u003c/a\u003e Use manylinux_2_8 to build wheels on linux\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/92ab72f08e64537c1d2706418286a59a8560a6d7\"\u003e\u003ccode\u003e92ab72f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/699\"\u003e#699\u003c/a\u003e from andrijajovanovic98/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/74adc5ab88ac3789125692d3ecaa435cb15f97f1\"\u003e\u003ccode\u003e74adc5a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/scikit-learn-contrib/hdbscan/issues/698\"\u003e#698\u003c/a\u003e from timmooren/fix-docstring-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/6f72f71730e436c2d6b9499737d08b6b2a587d2f\"\u003e\u003ccode\u003e6f72f71\u003c/code\u003e\u003c/a\u003e Fix invalid escape sequences in docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/d2134e5ab313754d1b55f1b5eae84f5433f3719c\"\u003e\u003ccode\u003ed2134e5\u003c/code\u003e\u003c/a\u003e python 310\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/commit/8c8d03273a5684a7c7183d7e0b6e45021f0beaeb\"\u003e\u003ccode\u003e8c8d032\u003c/code\u003e\u003c/a\u003e p313\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn-contrib/hdbscan/compare/release-0.8.41...release-0.8.42\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `alembic` from 1.14.0 to 1.18.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.4\u003c/h1\u003e\n\u003cp\u003eReleased: February 10, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [operations]\u003c/strong\u003e Reverted the behavior of \u003ccode\u003eOperations.add_column()\u003c/code\u003e that would\nautomatically render the \u0026quot;PRIMARY KEY\u0026quot; keyword inline when a\n\u003ccode\u003eColumn\u003c/code\u003e with \u003ccode\u003eprimary_key=True\u003c/code\u003e is added. The automatic\nbehavior, added in version 1.18.2, is now opt-in via the new\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter. This\nchange restores the ability to render a PostgreSQL SERIAL column, which is\nrequired to be \u003ccode\u003eprimary_key=True\u003c/code\u003e, while not impacting the ability to\nrender a separate primary key constraint. This also provides consistency\nwith the \u003ccode\u003eOperations.add_column.inline_references\u003c/code\u003e parameter and\ngives users explicit control over SQL generation.\u003c/p\u003e\n\u003cp\u003eTo render PRIMARY KEY inline, use the\n\u003ccode\u003eOperations.add_column.inline_primary_key\u003c/code\u003e parameter set to\n\u003ccode\u003eTrue\u003c/code\u003e:\u003c/p\u003e\n\u003cp\u003eop.add_column(\n\u0026quot;my_table\u0026quot;,\nColumn(\u0026quot;id\u0026quot;, Integer, primary_key=True),\ninline_primary_key=True\n)References: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1232\"\u003e#1232\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.18.3\u003c/h1\u003e\n\u003cp\u003eReleased: January 29, 2026\u003c/p\u003e\n\u003ch2\u003ebug\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[bug] [autogenerate]\u003c/strong\u003e Fixed regression in version 1.18.0 due to \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e where autogenerate\nwould raise \u003ccode\u003eNoReferencedTableError\u003c/code\u003e when a foreign key constraint\nreferenced a table that was not part of the initial table load, including\ntables filtered out by the\n\u003ccode\u003eEnvironmentContext.configure.include_name\u003c/code\u003e callable or tables\nin remote schemas that were not included in the initial reflection run.\u003c/p\u003e\n\u003cp\u003eThe change in \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e was a performance optimization that eliminated\nadditional reflection queries for tables that were only referenced by\nforeign keys but not explicitly included in the main reflection run.\nHowever, this optimization inadvertently removed the creation of\n\u003ccode\u003eTable\u003c/code\u003e objects for these referenced tables, causing autogenerate\nto fail when processing foreign key constraints that pointed to them.\u003c/p\u003e\n\u003cp\u003eThe fix creates placeholder \u003ccode\u003eTable\u003c/code\u003e objects for foreign key targets\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `email-validator` from 2.2.0 to 2.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/releases\"\u003eemail-validator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md\"\u003eemail-validator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.0 (August 26, 2025)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.\u003c/li\u003e\n\u003cli\u003eThe library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new \u003ccode\u003estrict=True\u003c/code\u003e parameter, and the overall 254 character email address length limit is still in place.\u003c/li\u003e\n\u003cli\u003eNew EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003eallow_display_name=True\u003c/code\u003e, display names are now returned with Unicode NFC normalization.\u003c/li\u003e\n\u003cli\u003eTypeError is now raised if something other than str (or bytes) is passed as the email address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/030a63a183a6a66450e98381ca9a23ab9769706a\"\u003e\u003ccode\u003e030a63a\u003c/code\u003e\u003c/a\u003e Version 2.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/e943a0f07f5c130b4a419e0cd79f705f36bf24fe\"\u003e\u003ccode\u003ee943a0f\u003c/code\u003e\u003c/a\u003e Raise TypeError when an invalid argument is passed for email, closes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/155\"\u003e#155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/f90d256045dc1ccbcffd5514189267d14a9e3ea1\"\u003e\u003ccode\u003ef90d256\u003c/code\u003e\u003c/a\u003e Remove local part length check unless new strict flag is given, fixes \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/158\"\u003e#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/98800bac023b8713351393a5043034065f1ea6cb\"\u003e\u003ccode\u003e98800ba\u003c/code\u003e\u003c/a\u003e Add explicit checks for internationalized domain name characters invalid unde...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/936aead3bf5c608f8561954e0d2955b7f97bfdad\"\u003e\u003ccode\u003e936aead\u003c/code\u003e\u003c/a\u003e Fix final syntax checks on normalized internationalized domains checking the ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/8043de49596f08d54a07e2bc7c442ced074216a6\"\u003e\u003ccode\u003e8043de4\u003c/code\u003e\u003c/a\u003e NFC-normalize display names per UTS \u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/39\"\u003e#39\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/bc08faa2a74b51a9e7ba7ff4f995c0b475cb5b12\"\u003e\u003ccode\u003ebc08faa\u003c/code\u003e\u003c/a\u003e Add one-off error messages for full-width-at and small-commercial-at which ar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/a1c90ab58fb0f5d969a8351a68ca15bff068527c\"\u003e\u003ccode\u003ea1c90ab\u003c/code\u003e\u003c/a\u003e Split exceptions_types.py into exceptions.py and types.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/dbcf07cc5c8066c14b6dc58d2dbb4a1e582eeefd\"\u003e\u003ccode\u003edbcf07c\u003c/code\u003e\u003c/a\u003e Change package name from using underscore to dash to match PyPi normalized pa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JoshData/python-email-validator/commit/7c22208ee5b82c377e960ddcea5293691eadc6cc\"\u003e\u003ccode\u003e7c22208\u003c/code\u003e\u003c/a\u003e Support ALLOW_DISPLAY_NAME and ALLOW_EMPTY_LOCAL in the CLI (\u003ca href=\"https://redirect.github.com/JoshData/python-email-validator/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/JoshData/python-email-validator/compare/v2.2.0...v2.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.115.0 to 0.135.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.135.2\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Increase lower bound to \u003ccode\u003epydantic \u0026gt;=2.9.0.\u003c/code\u003e and fix the test suite. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15139\"\u003e#15139\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add missing last release notes dates. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15202\"\u003e#15202\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs for contributors and team members regarding translation PRs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15200\"\u003e#15200\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15094\"\u003e#15094\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix duplicated words in docstrings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15116\"\u003e#15116\u003c/a\u003e by \u003ca href=\"https://github.com/AhsanSheraz\"\u003e\u003ccode\u003e@​AhsanSheraz\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs for \u003ccode\u003epyproject.toml\u003c/code\u003e with \u003ccode\u003eentrypoint\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15075\"\u003e#15075\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update links in docs to no longer use the classes external-link and internal-link. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15061\"\u003e#15061\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add JS and CSS handling for automatic \u003ccode\u003etarget=_blank\u003c/code\u003e for links in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15063\"\u003e#15063\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Update styles for internal and external links in new tab. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15058\"\u003e#15058\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝  Add documentation for the FastAPI VS Code extension. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15008\"\u003e#15008\u003c/a\u003e by \u003ca href=\"https://github.com/savannahostrowski\"\u003e\u003ccode\u003e@​savannahostrowski\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix doctrings for \u003ccode\u003emax_digits\u003c/code\u003e and \u003ccode\u003edecimal_places\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/14944\"\u003e#14944\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15001\"\u003e#15001\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15177\"\u003e#15177\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15178\"\u003e#15178\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15176\"\u003e#15176\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15175\"\u003e#15175\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15171\"\u003e#15171\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15170\"\u003e#15170\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15172\"\u003e#15172\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15168\"\u003e#15168\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15167\"\u003e#15167\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15169\"\u003e#15169\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15165\"\u003e#15165\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15163\"\u003e#15163\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15160\"\u003e#15160\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15158\"\u003e#15158\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15157\"\u003e#15157\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15159\"\u003e#15159\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15155\"\u003e#15155\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15154\"\u003e#15154\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15156\"\u003e#15156\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-and-add). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15152\"\u003e#15152\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (add-missing). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15153\"\u003e#15153\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Exclude spam comments from statistics in \u003ccode\u003escripts/people.py\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15088\"\u003e#15088\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.7 to 1.6.9. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15128\"\u003e#15128\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyasn1 from 0.6.2 to 0.6.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15143\"\u003e#15143\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ujson from 5.11.0 to 5.12.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15150\"\u003e#15150\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Tweak translation workflow and translation fixer tool. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15166\"\u003e#15166\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/25a3697cedc6e7dfb84e93c8ff965801486f00f4\"\u003e\u003ccode\u003e25a3697\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.135.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ab125daa4034435777853a2c5a6c47451414f9aa\"\u003e\u003ccode\u003eab125da\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/122b6d490f844b6f716855d55a3e11237b7fb61f\"\u003e\u003ccode\u003e122b6d4\u003c/code\u003e\u003c/a\u003e 📝 Add missing last release notes dates (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15202\"\u003e#15202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/68ac0ab91e9b14c418013790fc0e420a827686b5\"\u003e\u003ccode\u003e68ac0ab\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ea6e287eb398afe6a82c3ef71780e8451813f674\"\u003e\u003ccode\u003eea6e287\u003c/code\u003e\u003c/a\u003e 📝 Update docs for contributors and team members regarding translation PRs (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d0a6f208c5cb5daaa1de5ea5187729e3789d1dce\"\u003e\u003ccode\u003ed0a6f20\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/fd9e192cf4fae399c0d51dd23e2a137052eb6087\"\u003e\u003ccode\u003efd9e192\u003c/code\u003e\u003c/a\u003e 💄 Fix code blocks in reference docs overflowing table width (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15094\"\u003e#15094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/fce9460f865928eb7d0393d8809bbc472e0c21cd\"\u003e\u003ccode\u003efce9460\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/0227991a01e61bf5cdd93cc00e9e243f52b47a4a\"\u003e\u003ccode\u003e0227991\u003c/code\u003e\u003c/a\u003e 🔨 Exclude spam comments from statistics in \u003ccode\u003escripts/people.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15088\"\u003e#15088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cbd64b09a32681d3b0ea097608bc62eb0d1587e0\"\u003e\u003ccode\u003ecbd64b0\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.115.0...0.135.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psycopg2-binary` from 2.9.10 to 2.9.11\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psycopg/psycopg2/blob/master/NEWS\"\u003epsycopg2-binary's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCurrent release\u003c/h2\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.11\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAvoid a segfault passing more arguments than placeholders if Python is built\nwith assertions enabled (:ticket:\u003ccode\u003e[#1791](https://github.com/psycopg/psycopg2/issues/1791)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAdd riscv64 platform binary packages (:ticket:\u003ccode\u003e[#1813](https://github.com/psycopg/psycopg2/issues/1813)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 18.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.10\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13.\u003c/li\u003e\n\u003cli\u003eReceive notifications on commit (:ticket:\u003ccode\u003e[#1728](https://github.com/psycopg/psycopg2/issues/1728)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e~psycopg2.errorcodes\u003c/code\u003e map and \u003ccode\u003e~psycopg2.errors\u003c/code\u003e classes updated to\nPostgreSQL 17.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.9\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12.\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.6.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.8\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWheel package bundled with PostgreSQL 16 libpq in order to add support for\nrecent features, such as \u003ccode\u003esslcertmode\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.7\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix propagation of exceptions raised during module initialization\n(:ticket:\u003ccode\u003e[#1598](https://github.com/psycopg/psycopg2/issues/1598)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFix building when pg_config returns an empty string (:ticket:\u003ccode\u003e[#1599](https://github.com/psycopg/psycopg2/issues/1599)\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eWheel package bundled with OpenSSL 1.1.1v.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat's new in psycopg 2.9.6\n^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/fd9ae8cad2bcfc3e7e9410e7b6f07cda8f4f05ec\"\u003e\u003ccode\u003efd9ae8c\u003c/code\u003e\u003c/a\u003e chore: bump to version 2.9.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d923840546942534f0956d9202f914fd9feac5fd\"\u003e\u003ccode\u003ed923840\u003c/code\u003e\u003c/a\u003e chore: update docs requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/d42dc7169d3cd93517e282e9ef5dc2a2b40650a2\"\u003e\u003ccode\u003ed42dc71\u003c/code\u003e\u003c/a\u003e Merge branch 'fix-1791'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4fde6560c32f06ad1304404c9f7f86148dcc4be0\"\u003e\u003ccode\u003e4fde656\u003c/code\u003e\u003c/a\u003e fix: avoid failed assert passing more arguments than placeholders\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/8308c19d6af0d904b313997539ed33415990a74e\"\u003e\u003ccode\u003e8308c19\u003c/code\u003e\u003c/a\u003e fix: drop warning about the use of deprecated PyWeakref_GetObject function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1a1eabf098a3374409bb2ab4b594777b900f396d\"\u003e\u003ccode\u003e1a1eabf\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 7 to 8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/897af8b38beda851d7257dfc525129e37c0ec9e0\"\u003e\u003ccode\u003e897af8b\u003c/code\u003e\u003c/a\u003e build(deps): bump peter-evans/repository-dispatch from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/ceefd305117113ca10e383a626e87ba0796f3638\"\u003e\u003ccode\u003eceefd30\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 4 to 5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/4dc585430cabe94cee96c5a9de0265d0f55370f1\"\u003e\u003ccode\u003e4dc5854\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/setup-python from 5 to 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psycopg/psycopg2/commit/1945788dcf6172bb1b9328ebc3587ccf0e6a659c\"\u003e\u003ccode\u003e1945788\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psycopg/psycopg2/issues/1802\"\u003e#1802\u003c/a\u003e from edgarrmondragon/cp314-wheels\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psycopg/psycopg2/compare/2.9.10...2.9.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.2 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.2...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.6.1 to 2.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Deterministic alias selection when using validate_by_name by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/707\"\u003epydantic/pydantic-settings#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd deep merge functionality to config file sources by \u003ca href=\"https://github.com/pmeier\"\u003e\u003ccode\u003e@​pmeier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/698\"\u003epydantic/pydantic-settings#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for AWS Secrets Manager VersionId parameter by \u003ca href=\"https://github.com/jcyamacho\"\u003e\u003ccode\u003e@​jcyamacho\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/708\"\u003epydantic/pydantic-settings#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebugfix: Return \u003ccode\u003eNone\u003c/code\u003e for inaccessible GCP Secret Manager secrets by \u003ca href=\"https://github.com/zaphod72\"\u003e\u003ccode\u003e@​zaphod72\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/712\"\u003epydantic/pydantic-settings#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBugfix for cli_kebab_case=\u0026quot;all\u0026quot; and CliImplicitFlag[bool] by \u003ca href=\"https://github.com/Digity101\"\u003e\u003ccode\u003e@​Digity101\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/702\"\u003epydantic/pydantic-settings#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUnpack type alisases when looking for \u003ccode\u003eNoDecode\u003c/code\u003e by \u003ca href=\"https://github.com/tselepakis\"\u003e\u003ccode\u003e@​tselepakis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/695\"\u003epydantic/pydantic-settings#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCliToggleFlag and CliDualFlag by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https...\n\n_Description has been truncated_","html_url":"https://github.com/smario-7/zebrapoint/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smario-7%2Fzebrapoint/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":"/backend","pr_created_at":"2026-03-30T01:30:09.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4166384738","node_id":"PR_kwDOQnJBfs7Oc6uZ","number":524,"state":"open","title":"chore(deps): bump ecdsa from 0.19.1 to 0.19.2 in /backend","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-30T01:30:09.000Z","updated_at":"2026-03-30T01:32:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"}],"path":"/backend","ecosystem":"pip"},"body":"Bumps [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) from 0.19.1 to 0.19.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ecdsa\u0026package-manager=pip\u0026previous-version=0.19.1\u0026new-version=0.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/BrightonDube/BizPilot2/pull/524","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrightonDube%2FBizPilot2/issues/524","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/524/packages"}},{"old_version":"0.19.1","new_version":"0.19.2","update_type":"patch","path":null,"pr_created_at":"2026-03-29T04:27:04.000Z","version_change":"0.19.1 → 0.19.2","issue":{"uuid":"4162490030","node_id":"PR_kwDOQNDrGs7OV_N9","number":317,"state":"open","title":"Bump the pip group across 3 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","python","compliance:pass"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-29T04:27:04.000Z","updated_at":"2026-03-29T04:27:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":3,"packages":[{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"cryptography","old_version":"46.0.5","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 3 updates in the / directory: [cryptography](https://github.com/pyca/cryptography), [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) and [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /client directory: [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 2 updates in the /server directory: [cryptography](https://github.com/pyca/cryptography) and [ecdsa](https://github.com/tlsfuzzer/python-ecdsa).\n\nUpdates `cryptography` from 46.0.5 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.5 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.5...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kumpeapps/managed-nebula/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kumpeapps/managed-nebula/pull/317","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kumpeapps%2Fmanaged-nebula/issues/317","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/317/packages"}}]}