{"id":10126,"name":"h2","ecosystem":"pip","repository_url":"https://github.com/python-hyper/h2","issues_count":259,"created_at":"2025-06-06T22:44:00.102Z","updated_at":"2025-06-06T22:44:00.102Z","purl":"pkg:pypi/h2","metadata":{"id":2755075,"name":"h2","ecosystem":"pypi","description":"Pure-Python HTTP/2 protocol implementation","homepage":"https://github.com/python-hyper/h2/","licenses":"The MIT License (MIT)  Copyright (c) 2015-2020 Cory Benfield and contributors  Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:  The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.  THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ","normalized_licenses":["Other"],"repository_url":"https://github.com/python-hyper/h2","keywords_array":[],"namespace":null,"versions_count":45,"first_release_published_at":"2023-08-21T10:20:49.908Z","latest_release_published_at":"2025-02-01T11:02:26.000Z","latest_release_number":"4.2.0","last_synced_at":"2025-06-06T11:02:09.416Z","created_at":"2022-04-10T11:12:46.225Z","updated_at":"2025-06-06T11:02:09.416Z","registry_url":"https://pypi.org/project/h2/","install_command":"pip install h2 --index-url https://pypi.org/simple","documentation_url":"https://python-hyper.org/","metadata":{"funding":null,"documentation":"https://python-hyper.org/","classifiers":["Development Status :: 5 - Production/Stable","Intended Audience :: Developers","License :: OSI Approved :: MIT License","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3 :: Only","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Programming Language :: Python :: 3.9","Programming Language :: Python :: Implementation :: CPython","Programming Language :: Python :: Implementation :: PyPy"],"normalized_name":"h2"},"repo_metadata":{"id":42978803,"uuid":"37996233","full_name":"python-hyper/h2","owner":"python-hyper","description":"HTTP/2 State-Machine based protocol implementation","archived":false,"fork":false,"pushed_at":"2024-08-22T17:18:00.000Z","size":9195,"stargazers_count":952,"open_issues_count":32,"forks_count":151,"subscribers_count":37,"default_branch":"master","last_synced_at":"2024-09-06T14:42:11.832Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://h2.readthedocs.io/en/stable","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/python-hyper.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-06-24T16:22:19.000Z","updated_at":"2024-09-06T12:16:59.000Z","dependencies_parsed_at":"2024-01-15T18:47:05.181Z","dependency_job_id":"47de0bbc-d042-4fa9-8cc3-76fdade5cf5d","html_url":"https://github.com/python-hyper/h2","commit_stats":{"total_commits":1213,"total_committers":56,"mean_commits":"21.660714285714285","dds":0.3355317394888706,"last_synced_commit":"0dd0bf2e76b1c7c55f789ba5c790787f30246882"},"previous_names":[],"tags_count":43,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/python-hyper","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":218156192,"owners_count":16286237,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"python-hyper","name":"Hyper","uuid":"13035907","kind":"organization","description":"HTTP for Python","email":null,"website":"http://hyper.readthedocs.org","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/13035907?v=4","repositories_count":17,"last_synced_at":"2024-03-25T20:04:47.277Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/python-hyper","funding_links":[],"total_stars":3694,"followers":54,"following":0,"created_at":"2022-11-02T16:24:51.582Z","updated_at":"2024-03-25T20:04:47.290Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/python-hyper","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/python-hyper/repositories"},"tags":[{"name":"v4.1.0","sha":"799b1eab3958aa3fcbab8f5eca39e8d17f7c1cf9","kind":"commit","published_at":"2021-10-05T18:19:03.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v4.1.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v4.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v4.1.0/manifests"},{"name":"v4.0.0","sha":"a05a8cc3ae1646ddc45b36d40bd55a1ce8abb34b","kind":"commit","published_at":"2020-09-19T13:49:11.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v4.0.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v4.0.0/manifests"},{"name":"v3.2.0","sha":"570dc7daa480d34bcf0676e88d241112c51b1796","kind":"commit","published_at":"2020-02-08T16:37:55.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v3.2.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v3.2.0/manifests"},{"name":"v3.1.1","sha":"2d511253040aa3095fef10791b740b996cc9646a","kind":"commit","published_at":"2019-08-02T12:53:11.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v3.1.1","html_url":"https://github.com/python-hyper/h2/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"89191147da4626d84eb3009f203aba2280df5035","kind":"commit","published_at":"2019-01-21T18:51:24.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v3.1.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v3.1.0/manifests"},{"name":"v3.0.1","sha":"621dc4ba64a1e06750812094d86df6eca5d76fd9","kind":"commit","published_at":"2017-04-03T07:59:00.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v3.0.1","html_url":"https://github.com/python-hyper/h2/releases/tag/v3.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v3.0.1/manifests"},{"name":"v2.6.2","sha":"9dbfa1341a9334c872be475146032997c5972b67","kind":"commit","published_at":"2017-04-03T07:46:28.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.6.2","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.6.2/manifests"},{"name":"v2.5.4","sha":"ab7bac1587875105c939d28eb256ac3e51e8eb4a","kind":"commit","published_at":"2017-04-03T07:35:46.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.5.4","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.5.4/manifests"},{"name":"v3.0.0","sha":"b42850be83fbde1eb0bc32a4bf9085f8a76bfa6a","kind":"commit","published_at":"2017-03-24T16:17:47.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v3.0.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v3.0.0/manifests"},{"name":"v2.6.1","sha":"4c62ce4a33bd426bfd0c65f94461e47fec76ef5a","kind":"commit","published_at":"2017-03-16T09:15:24.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.6.1","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.6.1/manifests"},{"name":"v2.5.3","sha":"81de146c107df79290433fc320bf9feaa792ea86","kind":"commit","published_at":"2017-03-16T09:09:23.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.5.3","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.5.3/manifests"},{"name":"v2.4.4","sha":"dda084e928064c8bce8373d5eec31f3e91173062","kind":"commit","published_at":"2017-03-16T08:58:19.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.4.4","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.4.4/manifests"},{"name":"v2.6.0","sha":"e98f3e5323efc0f31c296fedb92ca037843a44f7","kind":"commit","published_at":"2017-02-28T09:20:30.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.6.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.6.0/manifests"},{"name":"v2.5.2","sha":"de550f7fb65ebb42266363552c9550caa1ec5260","kind":"commit","published_at":"2017-01-27T14:34:57.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.5.2","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.5.2/manifests"},{"name":"v2.4.3","sha":"59650fc095f65f852f9c5654abed0ba3cc46efc9","kind":"commit","published_at":"2017-01-27T14:32:20.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.4.3","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.4.3/manifests"},{"name":"v2.3.4","sha":"1bbbf39f2bc68827fa719ad0001ed4a8a3b5ea04","kind":"commit","published_at":"2017-01-27T14:28:22.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.3.4","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.3.4/manifests"},{"name":"v2.5.1","sha":"b22812c59f3e8f1a4bd15862936a93372b2e7cbb","kind":"commit","published_at":"2016-12-17T17:15:44.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.5.1","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.5.1/manifests"},{"name":"v2.5.0","sha":"4595a5f453a5ddbabc55f1fda628fd372e11b2ae","kind":"commit","published_at":"2016-10-25T12:00:14.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.5.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.5.0/manifests"},{"name":"v2.4.2","sha":"60064aab9dd5f6add5b711f86024cd430fae27a9","kind":"commit","published_at":"2016-10-25T11:54:36.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.4.2","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.4.2/manifests"},{"name":"v2.3.3","sha":"3efe68d351dc4babf8b594d15028835031b3a604","kind":"commit","published_at":"2016-10-25T11:47:56.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.3.3","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.3.3/manifests"},{"name":"v2.2.7","sha":"85aa2efc33cfb2f0f7954cb1622fed1f6a0fa9fe","kind":"commit","published_at":"2016-10-25T11:40:49.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.2.7","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.7/manifests"},{"name":"v2.4.1","sha":"e85833517d5a92af3d4f61c5ff62c1bf947286aa","kind":"commit","published_at":"2016-08-23T13:39:13.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.4.1","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.4.1/manifests"},{"name":"v2.3.2","sha":"c1251bdb52e52571282f3f80dc713f38ce47b8d8","kind":"commit","published_at":"2016-08-23T13:34:59.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.3.2","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.3.2/manifests"},{"name":"v2.2.6","sha":"467f77f5855121cdc55c99e904a7e57ca550182b","kind":"commit","published_at":"2016-08-23T13:27:38.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.2.6","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.6/manifests"},{"name":"v2.4.0","sha":"36a46d21062648321bce57d6b52796b5b2a49ce9","kind":"commit","published_at":"2016-07-01T09:15:50.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.4.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.4.0/manifests"},{"name":"v2.3.1","sha":"c14c2a16ff776b0ced8dfd0fdc4e1814a1c742df","kind":"commit","published_at":"2016-05-12T08:24:02.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.3.1","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.3.1/manifests"},{"name":"v2.2.5","sha":"464167340c8f494741032da2f6a31af4e4cc75e7","kind":"commit","published_at":"2016-05-12T08:22:20.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.2.5","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.5/manifests"},{"name":"v2.3.0","sha":"c89ba5ebbc26b8de8a46c9ae1a88ddeec9ba9689","kind":"commit","published_at":"2016-04-26T09:49:45.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.3.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.3.0/manifests"},{"name":"v2.2.4","sha":"d2dc9d6013ba4507b4592381c0b45074030a064c","kind":"commit","published_at":"2016-04-25T14:56:49.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.2.4","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.4/manifests"},{"name":"v2.1.5","sha":"181d2418fa84ffe0f4031ac7179cde1341f515dd","kind":"commit","published_at":"2016-04-25T14:23:46.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.1.5","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.5/manifests"},{"name":"v2.2.3","sha":"cdef31c1183e755dc785761fe28f5083b152b87a","kind":"commit","published_at":"2016-04-13T11:18:36.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.2.3","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.3/manifests"},{"name":"v2.1.4","sha":"8c57369e2f3f6875e6abade92b7a35eef43344ef","kind":"commit","published_at":"2016-04-13T11:14:11.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.1.4","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.4/manifests"},{"name":"v2.2.2","sha":"3565f8e102ff0dff9982a472425ddcdd3144cbf8","kind":"commit","published_at":"2016-04-05T13:59:27.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.2.2","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.2/manifests"},{"name":"v2.2.1","sha":"96b2c4ef92861dba9d93723e45ac4f0fad4b4871","kind":"commit","published_at":"2016-03-23T18:18:13.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.2.1","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.1/manifests"},{"name":"v2.2.0","sha":"9456c5f18d8e441a8733161ed902e396cc959482","kind":"commit","published_at":"2016-03-23T13:33:53.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.2.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.2.0/manifests"},{"name":"v2.1.3","sha":"2bb89db22787fd1c5b1a4dd8a1a10d9e95d5ebae","kind":"commit","published_at":"2016-03-16T16:04:31.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.1.3","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.3/manifests"},{"name":"v2.1.2","sha":"9bee3e6b6e867a8617fc14bfafa910f0e8c9745d","kind":"commit","published_at":"2016-02-17T13:58:35.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.1.2","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.2/manifests"},{"name":"v2.1.1","sha":"1c752b2a167ddd5a4eacb3cb392d062d50886ef4","kind":"commit","published_at":"2016-02-05T14:52:13.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.1.1","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.1/manifests"},{"name":"v2.1.0","sha":"63ace05975851392966b9e50a6fdd473d06083af","kind":"commit","published_at":"2016-02-02T15:00:36.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.1.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.1.0/manifests"},{"name":"v2.0.0","sha":"b14817b79c7bb1661e1aa84ef7920c009ef1e75b","kind":"commit","published_at":"2016-01-25T12:15:11.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v2.0.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v2.0.0/manifests"},{"name":"v1.1.1","sha":"c7b559f4b4724358a4bdd633a0fed0d41995c277","kind":"commit","published_at":"2015-11-17T11:19:03.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v1.1.1","html_url":"https://github.com/python-hyper/h2/releases/tag/v1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v1.1.1/manifests"},{"name":"v1.1.0","sha":"b7f23e91b446e8e843071c46b2df1948b343c2fd","kind":"commit","published_at":"2015-10-28T08:24:58.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v1.1.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v1.1.0/manifests"},{"name":"v1.0.0","sha":"9618fac6a26f49b40022596de75e574a70d28dca","kind":"commit","published_at":"2015-10-15T17:19:16.000Z","download_url":"https://codeload.github.com/python-hyper/h2/tar.gz/v1.0.0","html_url":"https://github.com/python-hyper/h2/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-hyper%2Fh2/tags/v1.0.0/manifests"}]},"repo_metadata_updated_at":"2024-09-08T14:53:20.777Z","dependent_packages_count":122,"downloads":24834433,"downloads_period":"last-month","dependent_repos_count":6058,"rankings":{"downloads":0.11838032045552749,"dependent_repos_count":0.1273110910659195,"dependent_packages_count":0.2401863072095364,"stargazers_count":2.089086182700298,"forks_count":4.005036143009096,"docker_downloads_count":0.04322655650145174,"average":1.1038711001569714},"purl":"pkg:pypi/h2","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/h2","docker_dependents_count":657,"docker_downloads_count":1422972176,"usage_url":"https://repos.ecosyste.ms/usage/pypi/h2","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/h2/dependencies","status":null,"funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/h2/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/h2/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/h2/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/h2/related_packages","maintainers":[{"uuid":"pgjones","login":"pgjones","name":null,"email":null,"url":null,"packages_count":18,"html_url":"https://pypi.org/user/pgjones/","role":null,"created_at":"2023-01-24T06:57:38.148Z","updated_at":"2023-01-24T06:57:38.148Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/pgjones/packages"},{"uuid":"SethMichaelLarson","login":"SethMichaelLarson","name":null,"email":null,"url":null,"packages_count":40,"html_url":"https://pypi.org/user/SethMichaelLarson/","role":null,"created_at":"2023-01-24T06:57:38.192Z","updated_at":"2023-01-24T06:57:38.192Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/SethMichaelLarson/packages"},{"uuid":"Lukasa","login":"Lukasa","name":null,"email":null,"url":null,"packages_count":23,"html_url":"https://pypi.org/user/Lukasa/","role":null,"created_at":"2023-01-24T06:57:37.993Z","updated_at":"2023-01-24T06:57:37.993Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/Lukasa/packages"},{"uuid":"kriechi","login":"kriechi","name":null,"email":null,"url":null,"packages_count":12,"html_url":"https://pypi.org/user/kriechi/","role":null,"created_at":"2023-01-24T06:57:37.358Z","updated_at":"2023-01-24T06:57:37.358Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/kriechi/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690419,"maintainers_count":292811,"namespaces_count":0,"keywords_count":228590,"github":"pypi","metadata":{"funded_packages_count":48950},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-06T05:32:09.692Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":220,"unique_repositories_count_past_30_days":4,"recent_issues":[{"uuid":"4538130453","node_id":"PR_kwDOSjgTwM7gHWTi","number":25,"state":"closed","title":"chore(deps): bump h2 from 4.2.0 to 4.3.0 in /apps/server","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T06:11:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T06:08:16.000Z","updated_at":"2026-05-28T06:11:43.000Z","time_to_close":204,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":"/apps/server","ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.2.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=pip\u0026previous-version=4.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/tenggouwa/Tenggouwa-site/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenggouwa%2FTenggouwa-site/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"},{"uuid":"4476203524","node_id":"PR_kwDOEQn6qs7dAaGc","number":13,"state":"closed","title":"Bump h2 from 3.2.0 to 4.3.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":true,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T09:33:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T09:33:39.000Z","updated_at":"2026-05-19T09:33:53.000Z","time_to_close":12,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"h2","old_version":"3.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 3.2.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 (2021-10-05)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e The GitHub repository has been renamed to \u003ccode\u003epython-hyper/h2\u003c/code\u003e, previously\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v3.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=pip\u0026previous-version=3.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/illixion/S-scrape/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/illixion/S-scrape/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/illixion%2FS-scrape/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"4425683503","node_id":"PR_kwDOOBPvtM7afuC2","number":22,"state":"open","title":"Bump the pip group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T02:18:37.000Z","updated_at":"2026-05-12T02:18:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":10,"packages":[{"name":"urllib3","old_version":"2.2.1","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"black","old_version":"24.3.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"idna","old_version":"3.6","new_version":"3.7","repository_url":"https://github.com/kjd/idna"},{"name":"pytest","old_version":"7.4.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"python-multipart","old_version":"0.0.6","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"certifi","old_version":"2024.2.2","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"jinja2","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 10 updates in the /packages/sdk/python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.1` | `2.7.0` |\n| [black](https://github.com/psf/black) | `24.3.0` | `26.3.1` |\n| [idna](https://github.com/kjd/idna) | `3.6` | `3.7` |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.6` | `0.0.27` |\n| [certifi](https://github.com/certifi/python-certifi) | `2024.2.2` | `2024.7.4` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.3` | `3.1.6` |\n\n\nUpdates `urllib3` from 2.2.1 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.2.1...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 24.3.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/24.3.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.6 to 3.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ehttps://github.com/kjd/idna/compare/v3.6...v3.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.7 (2024-04-11)\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could\ntake exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d\"\u003e\u003ccode\u003e1d365e1\u003c/code\u003e\u003c/a\u003e Release v3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6\"\u003e\u003ccode\u003ec1b3154\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/172\"\u003e#172\u003c/a\u003e from kjd/optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623\"\u003e\u003ccode\u003e0394ec7\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966\"\u003e\u003ccode\u003ecd58a23\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/152\"\u003e#152\u003c/a\u003e from elliotwutingfeng/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7\"\u003e\u003ccode\u003e5beb28b\u003c/code\u003e\u003c/a\u003e More efficient resolution of joiner contexts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b\"\u003e\u003ccode\u003e1b12148\u003c/code\u003e\u003c/a\u003e Update ossf/scorecard-action to v2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067\"\u003e\u003ccode\u003ed516b87\u003c/code\u003e\u003c/a\u003e Update Github actions/checkout to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7\"\u003e\u003ccode\u003ec095c75\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98\"\u003e\u003ccode\u003e60a0a4c\u003c/code\u003e\u003c/a\u003e Fix typo in GitHub Actions workflow key\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201\"\u003e\u003ccode\u003e5918a0e\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.6 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.22 (2026-01-25)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.21 (2025-12-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003e#216\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.20 (2024-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003e#142\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.19 (2024-11-30)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.18 (2024-11-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003e#189\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.6...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2024.2.2 to 2024.7.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463\"\u003e\u003ccode\u003ebd81538\u003c/code\u003e\u003c/a\u003e 2024.07.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3\"\u003e\u003ccode\u003e06a2cbf\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23\"\u003e\u003ccode\u003e13bba02\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554\"\u003e\u003ccode\u003ee8abcd0\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1\"\u003e\u003ccode\u003e124f4ad\u003c/code\u003e\u003c/a\u003e 2024.06.02 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a\"\u003e\u003ccode\u003ec2196ce\u003c/code\u003e\u003c/a\u003e --- (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2\"\u003e\u003ccode\u003efefdeec\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.4 to 4.1.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf\"\u003e\u003ccode\u003e3c5fb15\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1\"\u003e\u003ccode\u003e4a9569a\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.2 to 4.1.4 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3\"\u003e\u003ccode\u003e1fc8086\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2024.02.02...2024.07.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.3 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3....\n\n_Description has been truncated_","html_url":"https://github.com/arthrod/agent-protocol/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthrod%2Fagent-protocol/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"},{"uuid":"4397170967","node_id":"PR_kwDOSGm4ss7ZD3s4","number":9,"state":"closed","title":"chore(deps): bump the pip group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-07T08:30:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-07T08:09:47.000Z","updated_at":"2026-05-07T22:13:51.000Z","time_to_close":1232,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":4,"packages":[{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"langchain-community","old_version":"0.2.10","new_version":"0.3.27","repository_url":"https://github.com/langchain-ai/langchain-community"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"0.37.2","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 4 updates in the /plugins directory: [h2](https://github.com/python-hyper/h2), [langchain-community](https://github.com/langchain-ai/langchain-community), [python-multipart](https://github.com/Kludex/python-multipart) and [starlette](https://github.com/Kludex/starlette).\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-community` from 0.2.10 to 0.3.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain-community/releases\"\u003elangchain-community's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elibs/community/v0.3.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecommunity[patch]: verify ssl by default in RecursiveUrlLoader by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/136\"\u003elangchain-ai/langchain-community#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Change JSON loader to be able to handle UTF-8-BOM files by \u003ca href=\"https://github.com/witlat\"\u003e\u003ccode\u003e@​witlat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/138\"\u003elangchain-ai/langchain-community#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWriteFileTool should create not existent parent dirs in file_path by \u003ca href=\"https://github.com/vria\"\u003e\u003ccode\u003e@​vria\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/132\"\u003elangchain-ai/langchain-community#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:zap: fix: update OpenAI model cost values for accuracy by \u003ca href=\"https://github.com/tdahar\"\u003e\u003ccode\u003e@​tdahar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/142\"\u003elangchain-ai/langchain-community#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: Prevent XXE in evernote loader by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/139\"\u003elangchain-ai/langchain-community#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease 0.3.27 by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/143\"\u003elangchain-ai/langchain-community#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/witlat\"\u003e\u003ccode\u003e@​witlat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/138\"\u003elangchain-ai/langchain-community#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vria\"\u003e\u003ccode\u003e@​vria\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/132\"\u003elangchain-ai/langchain-community#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdahar\"\u003e\u003ccode\u003e@​tdahar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/142\"\u003elangchain-ai/langchain-community#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.26...libs/community/v0.3.27\"\u003ehttps://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.26...libs/community/v0.3.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003elibs/community/v0.3.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[USearch]: Intializations of ids in case self.ids is None by \u003ca href=\"https://github.com/keenborder786\"\u003e\u003ccode\u003e@​keenborder786\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/99\"\u003elangchain-ai/langchain-community#99\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: drop langsmith upper bound and release 0.3.26 by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/127\"\u003elangchain-ai/langchain-community#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/keenborder786\"\u003e\u003ccode\u003e@​keenborder786\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/99\"\u003elangchain-ai/langchain-community#99\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.25...libs/community/v0.3.26\"\u003ehttps://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.25...libs/community/v0.3.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003elibs/community/v0.3.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: replace invalid scenexplain algorithm by \u003ca href=\"https://github.com/MichaelLi65535\"\u003e\u003ccode\u003e@​MichaelLi65535\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/59\"\u003elangchain-ai/langchain-community#59\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003einfra: specify pyopenssl in extended test deps by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/80\"\u003elangchain-ai/langchain-community#80\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: deprecate Tavily tools in favor of langchain-tavily implementation by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/79\"\u003elangchain-ai/langchain-community#79\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecating hugging face implementation in langchain_community by \u003ca href=\"https://github.com/CtrlMj\"\u003e\u003ccode\u003e@​CtrlMj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/73\"\u003elangchain-ai/langchain-community#73\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003evectorstores[azure_search]: fix regression in 0.3.24  by \u003ca href=\"https://github.com/marcgibbons\"\u003e\u003ccode\u003e@​marcgibbons\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/77\"\u003elangchain-ai/langchain-community#77\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity: Add cost data for aws bedrock claude 4 series models by \u003ca href=\"https://github.com/AsifMehmood97\"\u003e\u003ccode\u003e@​AsifMehmood97\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/83\"\u003elangchain-ai/langchain-community#83\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove no-untyped-def escapes by \u003ca href=\"https://github.com/cbornet\"\u003e\u003ccode\u003e@​cbornet\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/17\"\u003elangchain-ai/langchain-community#17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add search endpoint for Firecrawl Integration by \u003ca href=\"https://github.com/ftonato\"\u003e\u003ccode\u003e@​ftonato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/87\"\u003elangchain-ai/langchain-community#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: ssl verification should be enabled by default everywhere by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/75\"\u003elangchain-ai/langchain-community#75\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle image of size 0 bytes in PyPDFParser by \u003ca href=\"https://github.com/soucosmo\"\u003e\u003ccode\u003e@​soucosmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/84\"\u003elangchain-ai/langchain-community#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add depandabot config by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/90\"\u003elangchain-ai/langchain-community#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHarden Azure ML url validation by \u003ca href=\"https://github.com/tonybaloney\"\u003e\u003ccode\u003e@​tonybaloney\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/88\"\u003elangchain-ai/langchain-community#88\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update readme by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/95\"\u003elangchain-ai/langchain-community#95\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epatch: sanitize file extension in HuggingFaceTextToSpeechModelInference by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/101\"\u003elangchain-ai/langchain-community#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: telegram multiformat by \u003ca href=\"https://github.com/jerryyf\"\u003e\u003ccode\u003e@​jerryyf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/89\"\u003elangchain-ai/langchain-community#89\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity: release 0.3.25 by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/86\"\u003elangchain-ai/langchain-community#86\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaelLi65535\"\u003e\u003ccode\u003e@​MichaelLi65535\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/59\"\u003elangchain-ai/langchain-community#59\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CtrlMj\"\u003e\u003ccode\u003e@​CtrlMj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/73\"\u003elangchain-ai/langchain-community#73\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcgibbons\"\u003e\u003ccode\u003e@​marcgibbons\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/77\"\u003elangchain-ai/langchain-community#77\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cbornet\"\u003e\u003ccode\u003e@​cbornet\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/17\"\u003elangchain-ai/langchain-community#17\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/langchain-ai/langchain-community/commits/libs/community/v0.3.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 0.37.2 to 0.49.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.49.0...0.49.1\"\u003ehttps://github.com/Kludex/starlette/compare/0.49.0...0.49.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TheWesDias\"\u003e\u003ccode\u003e@​TheWesDias\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3017\"\u003eKludex/starlette#3017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gmos2104\"\u003e\u003ccode\u003e@​gmos2104\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003eKludex/starlette#3027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/secrett2633\"\u003e\u003ccode\u003e@​secrett2633\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003eKludex/starlette#2996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adam-sikora\"\u003e\u003ccode\u003e@​adam-sikora\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003eKludex/starlette#2976\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yakimka\"\u003e\u003ccode\u003e@​yakimka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2943\"\u003eKludex/starlette#2943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbeijen\"\u003e\u003ccode\u003e@​mbeijen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003eKludex/starlette#2939\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.47.3...0.48.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.47.3...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.1 (October 28, 2025)\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.49.0 (October 28, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (September 13, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.3 (August 24, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003easyncio.iscoroutinefunction\u003c/code\u003e for Python 3.12 and older \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2984\"\u003e#2984\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.2 (July 20, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003eUploadFile\u003c/code\u003e check for future rollover \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2962\"\u003e#2962\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.1 (June 21, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eSelf\u003c/code\u003e in \u003ccode\u003eTestClient.__enter__\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2951\"\u003e#2951\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAllow async exception handlers to type-check \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2949\"\u003e#2949\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee\"\u003e\u003ccode\u003e7e4b742\u003c/code\u003e\u003c/a\u003e Version 0.49.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e\u003ccode\u003e4ea6e22\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee\"\u003e\u003ccode\u003e7d88ea6\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3046\"\u003e#3046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e\"\u003e\u003ccode\u003e26d66bb\u003c/code\u003e\u003c/a\u003e Do not pollute exception context in Middleware (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2976\"\u003e#2976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5\"\u003e\u003ccode\u003ea59397d\u003c/code\u003e\u003c/a\u003e Set encodings when reading config files (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2996\"\u003e#2996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372\"\u003e\u003ccode\u003e3b7f0cb\u003c/code\u003e\u003c/a\u003e test: add test for unknown status (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3035\"\u003e#3035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd\"\u003e\u003ccode\u003eb09ce1a\u003c/code\u003e\u003c/a\u003e docs: fix legibility issues on sponsorship page (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3039\"\u003e#3039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b\"\u003e\u003ccode\u003e0f0edcf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Add Marcelo Trylesinski to the license (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3025\"\u003e#3025\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8\"\u003e\u003ccode\u003e3912d63\u003c/code\u003e\u003c/a\u003e docs: add social icons (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3038\"\u003e#3038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad\"\u003e\u003ccode\u003e4915a93\u003c/code\u003e\u003c/a\u003e Add discord to README/docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/0.37.2...0.49.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Drbambi7/omi/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Drbambi7/omi/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Drbambi7%2Fomi/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4272870979","node_id":"PR_kwDOQYh2Ys7S1ayD","number":5,"state":"closed","title":"build(deps): bump the uv group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-17T00:49:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-16T02:33:05.000Z","updated_at":"2026-04-17T00:49:50.000Z","time_to_close":80203,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":12,"packages":[{"name":"langgraph","old_version":"1.0.1","new_version":"1.0.10rc1","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"pip","old_version":"25.2","new_version":"26.0","repository_url":"https://github.com/pypa/pip"},{"name":"cryptography","old_version":"45.0.3","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"langgraph-checkpoint","old_version":"2.1.2","new_version":"4.0.0","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"langsmith","old_version":"0.4.40","new_version":"0.7.31","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"protobuf","old_version":"6.31.1","new_version":"6.33.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.46.2","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 10 updates in the /lib directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.0.1` | `1.0.10rc1` |\n| [pip](https://github.com/pypa/pip) | `25.2` | `26.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `45.0.3` | `46.0.7` |\n| [h2](https://github.com/python-hyper/h2) | `4.2.0` | `4.3.0` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.1.2` | `4.0.0` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.40` | `0.7.31` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.31.1` | `6.33.5` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [starlette](https://github.com/Kludex/starlette) | `0.46.2` | `0.49.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |\n\n\nUpdates `langgraph` from 1.0.1 to 1.0.10rc1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph==1.0.10rc1\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.9\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMerge commit from fork\u003c/li\u003e\n\u003cli\u003echore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments  (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6864\"\u003e#6864\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003emake type\u003c/code\u003e target for type checking (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6748\"\u003e#6748\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.0.9\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.8\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: langgraph + prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6875\"\u003e#6875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: sequential interrupt handling w/ functional API (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6863\"\u003e#6863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: state_updated_at sort by (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6857\"\u003e#6857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: conformance testing (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6842\"\u003e#6842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6815\"\u003e#6815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6833\"\u003e#6833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6837\"\u003e#6837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6832\"\u003e#6832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: server runtime type (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6774\"\u003e#6774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor: replace bare except with BaseException in AsyncQueue (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6765\"\u003e#6765\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-prebuilt==1.0.9\u003c/h2\u003e\n\u003cp\u003eChanges since prebuilt==1.0.8\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: prebuilt 1.0.9 and langgraph 1.1.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7401\"\u003e#7401\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: enhance runtime w/ more execution information (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7363\"\u003e#7363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: tool node injection bug (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7391\"\u003e#7391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7356\"\u003e#7356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump pygments from 2.19.2 to 2.20.0 in /libs/prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7354\"\u003e#7354\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langchain-core from 1.2.20 to 1.2.22 in /libs/prebuilt in the minor-and-patch group (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7289\"\u003e#7289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump requests from 2.32.5 to 2.33.0 in /libs/prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7281\"\u003e#7281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/prebuilt with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7247\"\u003e#7247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(checkpoint-postgres): 3.0.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7221\"\u003e#7221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.1.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7215\"\u003e#7215\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/sdk-py with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7197\"\u003e#7197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/prebuilt with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump orjson from 3.11.5 to 3.11.6 in /libs/prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7145\"\u003e#7145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7135\"\u003e#7135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7120\"\u003e#7120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7102\"\u003e#7102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7072\"\u003e#7072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group across 1 directory with 4 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7073\"\u003e#7073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph) 1.0.10 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6967\"\u003e#6967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(checkpoint):  0.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6966\"\u003e#6966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add serde events (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6954\"\u003e#6954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update defaults (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6953\"\u003e#6953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: rc2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6949\"\u003e#6949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a04ec5d6f00fa6583b2d98dfe789da741204b767\"\u003e\u003ccode\u003ea04ec5d\u003c/code\u003e\u003c/a\u003e release: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/50df7d423abebcb5a192f0a59c2952c68cb0df8c\"\u003e\u003ccode\u003e50df7d4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/c4a4a4647343d802d0ab909439806076bae15bd6\"\u003e\u003ccode\u003ec4a4a46\u003c/code\u003e\u003c/a\u003e chore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f178eb821e52906e1705c9cc02533bb88854b409\"\u003e\u003ccode\u003ef178eb8\u003c/code\u003e\u003c/a\u003e fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/48167d7fec9c25228426c92ba83d8650b77de0f3\"\u003e\u003ccode\u003e48167d7\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6920\"\u003e#6920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/806878a421458e99f9882e666ff35a41ad1bb561\"\u003e\u003ccode\u003e806878a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8087e6a42c62c2049a5fb3f99372a8c601d07e08\"\u003e\u003ccode\u003e8087e6a\u003c/code\u003e\u003c/a\u003e docs(sdk-py): update auth docstrings to default-deny pattern (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6933\"\u003e#6933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8fbdb144876ec9ca75943c7addb452a2bb634304\"\u003e\u003ccode\u003e8fbdb14\u003c/code\u003e\u003c/a\u003e release(sdk-py): 0.3.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6932\"\u003e#6932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/5093802f319119be674c02269f9874df04558419\"\u003e\u003ccode\u003e5093802\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/b89ef60b91e019c3cb4422af1e3cc216804ccb20\"\u003e\u003ccode\u003eb89ef60\u003c/code\u003e\u003c/a\u003e feat(sdk-py): add extract parameter to threads.search() (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6880\"\u003e#6880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/1.0.1...1.0.10rc1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 25.2 to 26.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.0 (2026-01-30)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for non-bare project names in egg fragments. Affected users should use\nthe \u003ccode\u003eDirect URL requirement syntax \u0026lt;https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references\u0026gt;\u003c/code\u003e\u003cem\u003e. (\u003ccode\u003e[#13157](https://github.com/pypa/pip/issues/13157) \u0026lt;https://github.com/pypa/pip/issues/13157\u0026gt;\u003c/code\u003e\u003c/em\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisplay pip's command-line help in colour, if possible. (\u003ccode\u003e[#12134](https://github.com/pypa/pip/issues/12134) \u0026lt;https://github.com/pypa/pip/issues/12134\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport installing dependencies declared with inline script metadata\n(:pep:\u003ccode\u003e723\u003c/code\u003e) with \u003ccode\u003e--requirements-from-script\u003c/code\u003e. (\u003ccode\u003e[#12891](https://github.com/pypa/pip/issues/12891) \u0026lt;https://github.com/pypa/pip/issues/12891\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--all-releases\u003c/code\u003e and \u003ccode\u003e--only-final\u003c/code\u003e options to control pre-release\nand final release selection during package installation. (\u003ccode\u003e[#13221](https://github.com/pypa/pip/issues/13221) \u0026lt;https://github.com/pypa/pip/issues/13221\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e option to only consider packages uploaded prior to\na given datetime when the \u003ccode\u003eupload-time\u003c/code\u003e field is available from a remote index. (\u003ccode\u003e[#13625](https://github.com/pypa/pip/issues/13625) \u0026lt;https://github.com/pypa/pip/issues/13625\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--use-feature inprocess-build-deps\u003c/code\u003e to request that build dependencies are installed\nwithin the same pip install process. This new mechanism is faster, supports \u003ccode\u003e--no-clean\u003c/code\u003e\nand \u003ccode\u003e--no-cache-dir\u003c/code\u003e reliably, and supports prompting for authentication.\u003c/p\u003e\n\u003cp\u003eEnabling this feature will also enable \u003ccode\u003e--use-feature build-constraints\u003c/code\u003e. This feature will\nbecome the default in a future pip version. (\u003ccode\u003e[#9081](https://github.com/pypa/pip/issues/9081) \u0026lt;https://github.com/pypa/pip/issues/9081\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003epip cache purge\u003c/code\u003e and \u003ccode\u003epip cache remove\u003c/code\u003e now clean up empty directories\nand legacy files left by older pip versions. (\u003ccode\u003e[#9058](https://github.com/pypa/pip/issues/9058) \u0026lt;https://github.com/pypa/pip/issues/9058\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix selecting pre-release versions when only pre-releases match.\nFor example, \u003ccode\u003epackage\u0026gt;1.0\u003c/code\u003e with versions \u003ccode\u003e1.0, 2.0rc1\u003c/code\u003e now installs\n\u003ccode\u003e2.0rc1\u003c/code\u003e instead of failing. (\u003ccode\u003e[#13746](https://github.com/pypa/pip/issues/13746) \u0026lt;https://github.com/pypa/pip/issues/13746\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRevisions in version control URLs now must be percent-encoded.\nFor example, use \u003ccode\u003egit+https://example.com/repo.git@issue%231\u003c/code\u003e to specify the branch \u003ccode\u003eissue#1\u003c/code\u003e.\nIf you previously used a branch name containing a \u003ccode\u003e%\u003c/code\u003e character in a version control URL, you now need to replace it with \u003ccode\u003e%25\u003c/code\u003e to ensure correct percent-encoding. (\u003ccode\u003e[#13407](https://github.com/pypa/pip/issues/13407) \u0026lt;https://github.com/pypa/pip/issues/13407\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePreserve original casing when a path is displayed. (\u003ccode\u003e[#6823](https://github.com/pypa/pip/issues/6823) \u0026lt;https://github.com/pypa/pip/issues/6823\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix bash completion when the \u003ccode\u003e$IFS\u003c/code\u003e variable has been modified from its default. (\u003ccode\u003e[#13555](https://github.com/pypa/pip/issues/13555) \u0026lt;https://github.com/pypa/pip/issues/13555\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePrecompute Python requirements on each candidate, reducing time of long resolutions. (\u003ccode\u003e[#13656](https://github.com/pypa/pip/issues/13656) \u0026lt;https://github.com/pypa/pip/issues/13656\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eSkip redundant work converting version objects to strings when using the\n\u003ccode\u003eimportlib.metadata\u003c/code\u003e backend. (\u003ccode\u003e[#13660](https://github.com/pypa/pip/issues/13660) \u0026lt;https://github.com/pypa/pip/issues/13660\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003epip index versions\u003c/code\u003e to honor only-binary/no-binary options. (\u003ccode\u003e[#13682](https://github.com/pypa/pip/issues/13682) \u0026lt;https://github.com/pypa/pip/issues/13682\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix fallthrough logic for options, allowing overriding global options with\ndefaults from user config. (\u003ccode\u003e[#13703](https://github.com/pypa/pip/issues/13703) \u0026lt;https://github.com/pypa/pip/issues/13703\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eUse a path-segment prefix comparison, not char-by-char. (\u003ccode\u003e[#13777](https://github.com/pypa/pip/issues/13777) \u0026lt;https://github.com/pypa/pip/issues/13777\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f4d4a836ed00076001376fbb0ce6dc4f22cdae2\"\u003e\u003ccode\u003e2f4d4a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13779\"\u003e#13779\u003c/a\u003e from notatallshaw/fix-26.0-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/04307a42261749cfa1c86a5537ad88f44ed2a41a\"\u003e\u003ccode\u003e04307a4\u003c/code\u003e\u003c/a\u003e fix 26.0 news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/6ec7b0a488f614a7632442fe7c651957fdb5fc85\"\u003e\u003ccode\u003e6ec7b0a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13775\"\u003e#13775\u003c/a\u003e from notatallshaw/release/26.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/4104356cd83d1614af45d203d64cb84705dad9d2\"\u003e\u003ccode\u003e4104356\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/58be8836b68814295d33bc5c56c38d3a0659ae81\"\u003e\u003ccode\u003e58be883\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/66f2dece5ba9cc0ee9fe7035c46ba4b0756559b5\"\u003e\u003ccode\u003e66f2dec\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13778\"\u003e#13778\u003c/a\u003e from ichard26/docs/groups\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/0214103df7d7e6e3de3b8352ce3a3135437124f0\"\u003e\u003ccode\u003e0214103\u003c/code\u003e\u003c/a\u003e doc: Re-expose package selection group options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/fdbe7628f3ce5d99ac5962fa9dba9e31f3738fcc\"\u003e\u003ccode\u003efdbe762\u003c/code\u003e\u003c/a\u003e Install pip within docs Nox sessions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735\"\u003e\u003ccode\u003e8e227a9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13777\"\u003e#13777\u003c/a\u003e from sethmlarson/commonpath\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/f5315ad96808c106a5c73936cebd335082be406e\"\u003e\u003ccode\u003ef5315ad\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13776\"\u003e#13776\u003c/a\u003e from ichard26/docs/versionadded\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.2...26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.3 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.3...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.2.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.79 to 1.2.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.2.30\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.29\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.30 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36770\"\u003e#36770\u003c/a\u003e)\nchore(core): harden private SSRF utilities (port 36768) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36769\"\u003e#36769\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.29\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.28\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.29 and also port \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36727\"\u003e#36727\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.28\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.27\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.2.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36614\"\u003e#36614\u003c/a\u003e)\nfix(core): add more sanitization to templates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36612\"\u003e#36612\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.27\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.26\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.27 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36586\"\u003e#36586\u003c/a\u003e)\nfix(core): handle symlinks in deprecated prompt save path (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36585\"\u003e#36585\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCredit to Jeff Ponte (\u003ca href=\"https://github.com/JDP-Security\"\u003e\u003ccode\u003e@​JDP-Security\u003c/code\u003e\u003c/a\u003e) for reporting the symlink resolution issue in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36585\"\u003e#36585\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.26\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.25\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nfix(core): add init validator and serialization mappings for Bedrock models (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34510\"\u003e#34510\u003c/a\u003e)\nfeat(core): add \u003ccode\u003eChatBaseten\u003c/code\u003e to serializable mapping (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36510\"\u003e#36510\u003c/a\u003e)\nchore(core): drop \u003ccode\u003egpt-3.5-turbo\u003c/code\u003e from docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36497\"\u003e#36497\u003c/a\u003e)\nfix(core): correct parameter names in filter_messages docstring example (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36462\"\u003e#36462\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.25\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.24\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.25 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36473\"\u003e#36473\u003c/a\u003e)\nfix(core): harden check for txt files in deprecated prompt loading functions (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36471\"\u003e#36471\u003c/a\u003e)\nfix(core): fixed typos in the documentation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36459\"\u003e#36459\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCredit to Jeff Ponte (\u003ca href=\"https://github.com/JDP-Security\"\u003e\u003ccode\u003e@​JDP-Security\u003c/code\u003e\u003c/a\u003e) for reporting the symlink resolution issue resolved in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36471\"\u003e#36471\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.24\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.23\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.24 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36434\"\u003e#36434\u003c/a\u003e)\nfeat(core): impute placeholder filenames for OpenAI file inputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36433\"\u003e#36433\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/8f1c920f7d5f4d8e46eaf922a1c2f6d4458b9e91\"\u003e\u003ccode\u003e8f1c920\u003c/code\u003e\u003c/a\u003e release(core): 1.2.30 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36770\"\u003e#36770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7bafe6f6fff4cfce09c5e5dcfc0d302efebdb3aa\"\u003e\u003ccode\u003e7bafe6f\u003c/code\u003e\u003c/a\u003e chore(core): harden private SSRF utilities (port 36768) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36769\"\u003e#36769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/479a2552b304c29ec005e5bf459e9c546087e68d\"\u003e\u003ccode\u003e479a255\u003c/code\u003e\u003c/a\u003e release(core): 1.2.29 and also port \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36727\"\u003e#36727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/396711b228f986bb536f2c971dd9663f8b18c864\"\u003e\u003ccode\u003e396711b\u003c/code\u003e\u003c/a\u003e ci: pin all actions to full-length commit SHAs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36621\"\u003e#36621\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36728\"\u003e#36728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/dd7c3eb3a4acfc834b038ec9dbde94478c66776e\"\u003e\u003ccode\u003edd7c3eb\u003c/code\u003e\u003c/a\u003e release(core): release 1.2.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36614\"\u003e#36614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258\"\u003e\u003ccode\u003eaf2ed47\u003c/code\u003e\u003c/a\u003e fix(core): add more sanitization to templates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36612\"\u003e#36612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7e5858d8078124f98f10102da21414689467c132\"\u003e\u003ccode\u003e7e5858d\u003c/code\u003e\u003c/a\u003e release(standard-tests): 1.1.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36610\"\u003e#36610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/fe99cb29123b704a90f5c8587a757def3b1471e0\"\u003e\u003ccode\u003efe99cb2\u003c/code\u003e\u003c/a\u003e fix(standard-tests): update standard tests for sandbox backends (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36036\"\u003e#36036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/65bbd47cb2721c51ef8638f9e7da35247c4bfdde\"\u003e\u003ccode\u003e65bbd47\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36596\"\u003e#36596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/64864041168606535dfbd39055c0dca3dd61b5ba\"\u003e\u003ccode\u003e6486404\u003c/code\u003e\u003c/a\u003e release(core): 1.2.27 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36586\"\u003e#36586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.79...langchain-core==1.2.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph-checkpoint` from 2.1.2 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph-checkpoint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph-checkpoint==4.0.0\u003c/h2\u003e\n\u003cp\u003eChanges since checkpoint==3.0.1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(checkpoint): InMemorySaver context managers should return self in… (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6529\"\u003e#6529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: docstring for serializer protocol (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6525\"\u003e#6525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: clean up some refs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6487\"\u003e#6487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003epyproject.toml\u003c/code\u003e links (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6364\"\u003e#6364\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.5\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.4\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(checkpoint-postgres): 3.0.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7221\"\u003e#7221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: re-use connection (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7220\"\u003e#7220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump ruff from 0.15.5 to 0.15.6 in /libs/checkpoint-postgres in the all-dependencies group (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7194\"\u003e#7194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7071\"\u003e#7071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(checkpoint):  0.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6966\"\u003e#6966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add serde events (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6954\"\u003e#6954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update defaults (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6953\"\u003e#6953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: rc2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6949\"\u003e#6949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMerge commit from fork\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/checkpoint-postgres with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6916\"\u003e#6916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003emake type\u003c/code\u003e target for type checking (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6748\"\u003e#6748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langchain-core from 1.2.7 to 1.2.11 in /libs/checkpoint-postgres (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6831\"\u003e#6831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/checkpoint-postgres with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6808\"\u003e#6808\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.4\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003echore: Omit lock when using connection pool (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6734\"\u003e#6734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): upgrade dependencies with \u003ccode\u003euv lock --upgrade\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6671\"\u003e#6671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update twitter URLs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6683\"\u003e#6683\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.3\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: storage nits (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6651\"\u003e#6651\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-sqlite==3.0.3\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointsqlite==3.0.2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: aiosqlite's breaking change (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): upgrade dependencies with \u003ccode\u003euv lock --upgrade\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6671\"\u003e#6671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update twitter URLs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6683\"\u003e#6683\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.2\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.1\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f91d79d0c86932ded6e3b9f195d5a0bbd5aef99c\"\u003e\u003ccode\u003ef91d79d\u003c/code\u003e\u003c/a\u003e fix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/cb2faa7dda0f2ea49d2729361e1802fb233feaa5\"\u003e\u003ccode\u003ecb2faa7\u003c/code\u003e\u003c/a\u003e fix(prebuilt): support generic type arguments for ToolRuntime injection (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6509\"\u003e#6509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a5827c5c6193669d3063897e1845a45cfb90d732\"\u003e\u003ccode\u003ea5827c5\u003c/code\u003e\u003c/a\u003e fix: change default recursion limit (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6676\"\u003e#6676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/5212369bd0791806083f183cb19ccce024db8790\"\u003e\u003ccode\u003e5212369\u003c/code\u003e\u003c/a\u003e feat(sdk-py): add end-time to crons client (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6674\"\u003e#6674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/7045a23148bfb7c7de825776531d163f22241aaa\"\u003e\u003ccode\u003e7045a23\u003c/code\u003e\u003c/a\u003e fix: add \u003ccode\u003estate\u003c/code\u003e attribute to \u003ccode\u003eToolCallRequest\u003c/code\u003e overrides (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6668\"\u003e#6668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/728db10b1f38c9c56f097d2847f0330977d5eba2\"\u003e\u003ccode\u003e728db10\u003c/code\u003e\u003c/a\u003e fix: suppress unintended deprecation warning (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6669\"\u003e#6669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/454af218968b2962b4beeb9a28b9d421f0610694\"\u003e\u003ccode\u003e454af21\u003c/code\u003e\u003c/a\u003e feat(sdk-py): cron.on_run_completed support (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/b4630d84520e5f8b6c6580f15cd7dada214ef657\"\u003e\u003ccode\u003eb4630d8\u003c/code\u003e\u003c/a\u003e chore: delete docs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6488\"\u003e#6488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/311465bbf7751829942b92bc28c5a79e0666710f\"\u003e\u003ccode\u003e311465b\u003c/code\u003e\u003c/a\u003e fix: sanitize namespace for deeply nested graph jumps (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6665\"\u003e#6665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8ccead9560f6cd76537f632d7a310ba41e38f28b\"\u003e\u003ccode\u003e8ccead9\u003c/code\u003e\u003c/a\u003e docs: x-refs and explainer in tool node docs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6653\"\u003e#6653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/checkpoint==2.1.2...checkpoint==4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.4.40 to 0.7.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.7.31\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692\"\u003elangchain-ai/langsmith-sdk#2692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.82.0 to 0.84.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684\"\u003elangchain-ai/langsmith-sdk#2684\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693\"\u003elangchain-ai/langsmith-sdk#2693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.84.0 to 0.85.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700\"\u003elangchain-ai/langsmith-sdk#2700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699\"\u003elangchain-ai/langsmith-sdk#2699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(js): Adds ls_agent_type metadata to AI SDK runs by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701\"\u003elangchain-ai/langsmith-sdk#2701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710\"\u003elangchain-ai/langsmith-sdk#2710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump pnpm/action-setup from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705\"\u003elangchain-ai/langsmith-sdk#2705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the py-minor-and-patch group across 1 directory with 10 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711\"\u003elangchain-ai/langsmith-sdk#2711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.85.0 to 0.86.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702\"\u003elangchain-ai/langsmith-sdk#2702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/github-script from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706\"\u003elangchain-ai/langsmith-sdk#2706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712\"\u003elangchain-ai/langsmith-sdk#2712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709\"\u003elangchain-ai/langsmith-sdk#2709\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708\"\u003elangchain-ai/langsmith-sdk#2708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Filter kwargs from new token events by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714\"\u003elangchain-ai/langsmith-sdk#2714\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.7.31 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716\"\u003elangchain-ai/langsmith-sdk#2716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.7.30\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(python): add service feature to sandbox by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665\"\u003elangchain-ai/langsmith-sdk#2665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(js): Fix prototype pollution bug in anonymizers by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690\"\u003elangchain-ai/langsmith-sdk#2690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): 0.5.18 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691\"\u003elangchain-ai/langsmith-sdk#2691\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(js/sandbox): suppress warning log by \u003ca href=\"https://github.com/hntrl\"\u003e\u003ccode\u003e@​hntrl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694\"\u003elangchain-ai/langsmith-sdk#2694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(js): Add metadata to Claude Agent SDK JS tracing by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695\"\u003elangchain-ai/langsmith-sdk#2695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(py): Fix run tree memory leak by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696\"\u003elangchain-ai/langsmith-sdk#2696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.7.30 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698\"\u003elangchain-ai/langsmith-sdk#2698\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.7.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erelease(js): 0.5.17 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681\"\u003elangchain-ai/langsmith-sdk#2681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(py): Fix race condition around Claude Agent SDK instrumentation by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685\"\u003elangchain-ai/langsmith-sdk#2685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.7.29 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686\"\u003elangchain-ai/langsmith-sdk#2686\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.7.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(py): Support subagent tracing in Claude Agents SDK, fix usage and duplicate messages by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670\"\u003elangchain-ai/langsmith-sdk#2670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the py-minor-and-patch group across 1 directory with 11 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677\"\u003elangchain-ai/langsmith-sdk#2677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the js-minor-and-patch group across 1 directory with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667\"\u003elangchain-ai/langsmith-sdk#2667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump pnpm/action-setup from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658\"\u003elangchain-ai/langsmith-sdk#2658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/c434999d05c00334efeba88b8bbd2de9f3afbef6\"\u003e\u003ccode\u003ec434999\u003c/code\u003e\u003c/a\u003e release(py): 0.7.31 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2716\"\u003e#2716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/47d7c4a783333e716395d802e7632f1f1b4744d3\"\u003e\u003ccode\u003e47d7c4a\u003c/code\u003e\u003c/a\u003e feat: Filter kwargs from new token events (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2714\"\u003e#2714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/3c57445b543c9a2f86db52024ea2c998bfc2ffab\"\u003e\u003ccode\u003e3c57445\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2708\"\u003e#2708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/2be6cd01a2b6e35e811488d3561e7b0b57b06f63\"\u003e\u003ccode\u003e2be6cd0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/b8b6ca32d43c919c07a4e13c99a83bcaab8accb0\"\u003e\u003ccode\u003eb8b6ca3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/9897cb33da7698291637f268edd833ca3e1adde6\"\u003e\u003ccode\u003e9897cb3\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/github-script from 8 to 9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2706\"\u003e#2706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/572c0184285747e027a796e03ea6c9ba171e09a6\"\u003e\u003ccode\u003e572c018\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.85.0 to 0.86.0 in /js (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2702\"\u003e#2702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/57447524c88b6bba2775161aa449da32fb8e5c42\"\u003e\u003ccode\u003e5744752\u003c/code\u003e\u003c/a\u003e chore(deps): bump the py-minor-and-patch group across 1 directory with 10 upd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/960cae7f490e9ccbe428e6b56c8047bdb7b942a5\"\u003e\u003ccode\u003e960cae7\u003c/code\u003e\u003c/a\u003e chore(deps): bump pnpm/action-setup from 5 to 6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2705\"\u003e#2705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/9370e7670abf7f8f9a36fbb72250bcfd2f91e7c6\"\u003e\u003ccode\u003e9370e76\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.4.40...v0.7.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `orjson` from 3.10.18 to 3.11.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.8\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild and compatibility improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.7\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse a faster library to serialize \u003ccode\u003efloat\u003c/code\u003e. Users with byte-exact regression\ntests should note positive exponents are now written using a \u003ccode\u003e+\u003c/code\u003e, e.g.,\n\u003ccode\u003e1.2e+30\u003c/code\u003e instead of \u003ccode\u003e1.2e30\u003c/code\u003e. Both formats are spec-compliant.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5 free-threading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.6\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eorjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.9.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5.\u003c/li\u003e\n\u003cli\u003eBuild now depends on Rust 1.89 or later instead of 1.85.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sporadic crash serializing deeply nested \u003ccode\u003elist\u003c/code\u003e of \u003ccode\u003edict\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.5\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PyPI project metadata when using maturin 1.9.2 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix build using Rust 1.89 on amd64.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.8 - 2026-03-31\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild and compatibility improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.7 - 2026-02-02\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse a faster library to serialize \u003ccode\u003efloat\u003c/code\u003e. Users with byte-exact regression\ntests should note positive exponents are now written using a \u003ccode\u003e+\u003c/code\u003e, e.g.,\n\u003ccode\u003e1.2e+30\u003c/code\u003e instead of \u003ccode\u003e1.2e30\u003c/code\u003e. Both formats are spec-compliant.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5 free-threading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.6 - 2026-01-29\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eorjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.9.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5.\u003c/li\u003e\n\u003cli\u003eBuild now depends on Rust 1.89 or later instead of 1.85.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sporadic crash serializing deeply nested \u003ccode\u003elist\u003c/code\u003e of \u003ccode\u003edict\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.5 - 2025-12-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4 - 2025-10-24\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3 - 2025-08-26\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/5cbb3d0398a2f42de51210270286fecd798c5d78\"\u003e\u003ccode\u003e5cbb3d0\u003c/code\u003e\u003c/a\u003e 3.11.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/4195d7f263e33076295b75efdcbaf6a55af8674e\"\u003e\u003ccode\u003e4195d7f\u003c/code\u003e\u003c/a\u003e writer::half\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d00641b69410728a735f0855eb1c2843b0a5819b\"\u003e\u003ccode\u003ed00641b\u003c/code\u003e\u003c/a\u003e writer::uuid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/c84d9b4ba4853781af943fa5c493e261e2f82b84\"\u003e\u003ccode\u003ec84d9b4\u003c/code\u003e\u003c/a\u003e build and compatibility misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/4547234b681fac5e0e0734cf44c21e75f9654e43\"\u003e\u003ccode\u003e4547234\u003c/code\u003e\u003c/a\u003e ffi::numpy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/0d4a5ad1f17a72528ba027554466fdec6580cdeb\"\u003e\u003ccode\u003e0d4a5ad\u003c/code\u003e\u003c/a\u003e datetime PyRef idiom\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/e93a13d372ec956d027e71d023eb534b8445ac85\"\u003e\u003ccode\u003ee93a13d\u003c/code\u003e\u003c/a\u003e Cross-compile avoids maturin v1.12 build-details.json error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/ec2b066cae79ae4a90ed126ac5723335dd99e408\"\u003e\u003ccode\u003eec2b066\u003c/code\u003e\u003c/a\u003e 3.11.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/1ca01f78cf4198ec37407d83713afa6e5c53dbf9\"\u003e\u003ccode\u003e1ca01f7\u003c/code\u003e\u003c/a\u003e zmij\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/1716a226bd1f38db01503f30cd37b0efec48d88e\"\u003e\u003ccode\u003e1716a22\u003c/code\u003e\u003c/a\u003e cargo update\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ijl/orjson/compare/3.10.18...3.11.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 6.31.1 to 6.33.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/...\n\n_Description has been truncated_","html_url":"https://github.com/dporkka/abi/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dporkka%2Fabi/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4271927689","node_id":"PR_kwDOOBPvtM7Syd_8","number":20,"state":"open","title":"Bump the pip group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-15T21:52:24.000Z","updated_at":"2026-04-15T21:52:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":10,"packages":[{"name":"urllib3","old_version":"2.2.1","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"black","old_version":"24.3.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"idna","old_version":"3.6","new_version":"3.7","repository_url":"https://github.com/kjd/idna"},{"name":"pytest","old_version":"7.4.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"python-multipart","old_version":"0.0.6","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"certifi","old_version":"2024.2.2","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"jinja2","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 10 updates in the /packages/sdk/python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.1` | `2.6.3` |\n| [black](https://github.com/psf/black) | `24.3.0` | `26.3.1` |\n| [idna](https://github.com/kjd/idna) | `3.6` | `3.7` |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.6` | `0.0.26` |\n| [certifi](https://github.com/certifi/python-certifi) | `2024.2.2` | `2024.7.4` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.3` | `3.1.6` |\n\n\nUpdates `urllib3` from 2.2.1 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.2.1...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 24.3.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/24.3.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.6 to 3.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ehttps://github.com/kjd/idna/compare/v3.6...v3.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.7 (2024-04-11)\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could\ntake exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d\"\u003e\u003ccode\u003e1d365e1\u003c/code\u003e\u003c/a\u003e Release v3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6\"\u003e\u003ccode\u003ec1b3154\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/172\"\u003e#172\u003c/a\u003e from kjd/optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623\"\u003e\u003ccode\u003e0394ec7\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966\"\u003e\u003ccode\u003ecd58a23\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/152\"\u003e#152\u003c/a\u003e from elliotwutingfeng/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7\"\u003e\u003ccode\u003e5beb28b\u003c/code\u003e\u003c/a\u003e More efficient resolution of joiner contexts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b\"\u003e\u003ccode\u003e1b12148\u003c/code\u003e\u003c/a\u003e Update ossf/scorecard-action to v2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067\"\u003e\u003ccode\u003ed516b87\u003c/code\u003e\u003c/a\u003e Update Github actions/checkout to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7\"\u003e\u003ccode\u003ec095c75\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98\"\u003e\u003ccode\u003e60a0a4c\u003c/code\u003e\u003c/a\u003e Fix typo in GitHub Actions workflow key\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201\"\u003e\u003ccode\u003e5918a0e\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.6 to 0.0.26\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.22 (2026-01-25)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.21 (2025-12-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003e#216\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.20 (2024-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003e#142\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.19 (2024-11-30)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.18 (2024-11-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003e#189\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.17 (2024-10-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle PermissionError in fallback code for old import name \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/182\"\u003e#182\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.16 (2024-10-27)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d3a4698e0dc16cbd85f98076b2ebf9b696cd3604\"\u003e\u003ccode\u003ed3a4698\u003c/code\u003e\u003c/a\u003e Add MIME content type info to File (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a1ecbd074801fcd3911266f3f4442181d10ab92\"\u003e\u003ccode\u003e9a1ecbd\u003c/code\u003e\u003c/a\u003e Handle CTE values case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/ef2a0b94f95676ea6a7b77d2252b09f5797cb8ed\"\u003e\u003ccode\u003eef2a0b9\u003c/code\u003e\u003c/a\u003e Remove custom FormParser classes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3a757d7cf209e654eb17cf7b7af868eed469f680\"\u003e\u003ccode\u003e3a757d7\u003c/code\u003e\u003c/a\u003e Ignore local Claude state (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/55e739617db7c40e2cd04c5ad8c7acf2ed0a1d19\"\u003e\u003ccode\u003e55e7396\u003c/code\u003e\u003c/a\u003e fuzz: Add cifuzz (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d6d1d111e7de9ce3d3f8623fe5f5e4201c0a5fd1\"\u003e\u003ccode\u003ed6d1d11\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.6...0.0.26\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2024.2.2 to 2024.7.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463\"\u003e\u003ccode\u003ebd81538\u003c/code\u003e\u003c/a\u003e 2024.07.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3\"\u003e\u003ccode\u003e06a2cbf\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23\"\u003e\u003ccode\u003e13bba02\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554\"\u003e\u003ccode\u003ee8abcd0\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1\"\u003e\u003ccode\u003e124f4ad\u003c/code\u003e\u003c/a\u003e 2024.06.02 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a\"\u003e\u003ccode\u003ec2196ce\u003c/code\u003e\u003c/a\u003e --- (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2\"\u003e\u003ccode\u003efefdeec\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.4 to 4.1.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf\"\u003e\u003ccode\u003e3c5fb15\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1\"\u003e\u003ccode\u003e4a9569a\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.2 to 4.1.4 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3\"\u003e\u003ccode\u003e1fc8086\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2024.02.02...2024.07.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.3 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e soli...\n\n_Description has been truncated_","html_url":"https://github.com/arthrod/agent-protocol/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthrod%2Fagent-protocol/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"},{"uuid":"4185520466","node_id":"PR_kwDOOfRO387PMvy1","number":5,"state":"open","title":"chore(deps): bump h2 from 4.2.0 to 4.3.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-01T09:31:57.000Z","updated_at":"2026-04-01T09:32:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.2.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=uv\u0026previous-version=4.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/arthrod/secretary/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/arthrod/secretary/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthrod%2Fsecretary/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4138041883","node_id":"PR_kwDOOcvgF87Nd5Pk","number":22,"state":"closed","title":"Bump the pip group across 4 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-05T07:02:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-25T19:42:25.000Z","updated_at":"2026-05-05T07:02:41.000Z","time_to_close":3496814,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":4,"packages":[{"name":"requests","old_version":"2.23.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"requests","old_version":"2.23.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"pillow","old_version":"6.2.2","new_version":"12.1.1","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"urllib3","old_version":"1.25.9","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"h2","old_version":"3.0.1","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"requests","old_version":"2.24.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"pillow","old_version":"6.2.2","new_version":"12.1.1","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"urllib3","old_version":"1.25.10","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /LayoutTests/imported/w3c/web-platform-tests/tools/wpt directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /LayoutTests/imported/w3c/web-platform-tests/tools/wptrunner directory: [requests](https://github.com/psf/requests), [pillow](https://github.com/python-pillow/Pillow) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 1 update in the /LayoutTests/imported/w3c/web-platform-tests/tools/wptserve directory: [h2](https://github.com/python-hyper/h2).\nBumps the pip group with 3 updates in the /WebDriverTests/imported/w3c/tools/wptrunner directory: [requests](https://github.com/psf/requests), [pillow](https://github.com/python-pillow/Pillow) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `requests` from 2.23.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.23.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.23.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.23.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 6.2.2 to 12.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.1.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch libavif for svt-av1 4.0 compatibility \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9413\"\u003e#9413\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix OOB Write with invalid tile extents \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9427\"\u003e#9427\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e12.1.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDeprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate getdata(), in favour of new get_flattened_data() \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9292\"\u003e#9292\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpecify APNG duration type when opening \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9368\"\u003e#9368\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdded release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9350\"\u003e#9350\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9366\"\u003e#9366\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate ImageMorph documentation \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9349\"\u003e#9349\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eDocs: update major bump cadence \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9334\"\u003e#9334\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9070\"\u003e#9070\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9320\"\u003e#9320\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated Ubuntu version \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9306\"\u003e#9306\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9265\"\u003e#9265\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate harfbuzz to 12.3.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9355\"\u003e#9355\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate xz to 5.8.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9343\"\u003e#9343\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libjpeg-turbo to 3.1.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9333\"\u003e#9333\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated zlib-ng to 2.3.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9324\"\u003e#9324\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.53 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9325\"\u003e#9325\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/checkout action to v6 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9323\"\u003e#9323\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate dependency mypy to v1.19.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9322\"\u003e#9322\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.51 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9305\"\u003e#9305\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated brotli to 1.2.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9284\"\u003e#9284\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libimagequant to 4.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9301\"\u003e#9301\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate zlib-ng to 2.3.1, except on manylinux2014 aarch64 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9312\"\u003e#9312\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 12.2.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9289\"\u003e#9289\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate github-actions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9277\"\u003e#9277\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace pre-commit with prek \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9360\"\u003e#9360\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eTest PyQt6 on Python 3.14 on Windows \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9353\"\u003e#9353\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eTest 32-bit Windows on Windows Server 2022 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9345\"\u003e#9345\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCorrect variable type \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9335\"\u003e#9335\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst\"\u003epillow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog (Pillow)\u003c/h1\u003e\n\u003ch2\u003e11.1.0 and newer\u003c/h2\u003e\n\u003cp\u003eSee GitHub Releases:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003ehttps://github.com/python-pillow/Pillow/releases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.0.0 (2024-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate licence to MIT-CMU \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8460\"\u003e#8460\u003c/a\u003e\n[hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConditionally define ImageCms type hint to avoid requiring core \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8197\"\u003e#8197\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport writing LONG8 offsets in AppendingTiffWriter \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8417\"\u003e#8417\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImageFile.MAXBLOCK when saving TIFF images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8461\"\u003e#8461\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not close provided file handles with libtiff when saving \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8458\"\u003e#8458\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport ImageFilter.BuiltinFilter for I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8438\"\u003e#8438\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImagingCore.ptr instead of ImagingCore.id \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8341\"\u003e#8341\u003c/a\u003e\n[homm, radarhere, hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated EPS mode when opening images without transparency \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8281\"\u003e#8281\u003c/a\u003e\n[Yay295, radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse transparency when combining P frames from APNGs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8443\"\u003e#8443\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport all resampling filters when resizing I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8422\"\u003e#8422\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFree memory on early return \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8413\"\u003e#8413\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCast int before potentially exceeding INT_MAX \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8402\"\u003e#8402\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/5158d98c807e719c5938aa3886913ef0ea6814e9\"\u003e\u003ccode\u003e5158d98\u003c/code\u003e\u003c/a\u003e 12.1.1 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa\"\u003e\u003ccode\u003e9000313\u003c/code\u003e\u003c/a\u003e Fix OOB Write with invalid tile extents (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9427\"\u003e#9427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cd0111849fb32c40860e3ee3d57b9b1cee4260cf\"\u003e\u003ccode\u003ecd01118\u003c/code\u003e\u003c/a\u003e Patch libavif for svt-av1 4.0 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/46f45f674d47b5d8bc54230dda8fe9e214598b87\"\u003e\u003ccode\u003e46f45f6\u003c/code\u003e\u003c/a\u003e 12.1.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c9ac097edb5594f63c40acd9afe6802547200379\"\u003e\u003ccode\u003ec9ac097\u003c/code\u003e\u003c/a\u003e Simplify band splitting (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9291\"\u003e#9291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3baedf264804d199bc19458d11bcff02ce7598eb\"\u003e\u003ccode\u003e3baedf2\u003c/code\u003e\u003c/a\u003e Deprecate getdata(), in favour of new get_flattened_data() (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9292\"\u003e#9292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/b51a0366852c1d519d108dfec8fc2d738cd8080f\"\u003e\u003ccode\u003eb51a036\u003c/code\u003e\u003c/a\u003e Specify APNG duration type when opening (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9368\"\u003e#9368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/8d08e31533065b623399a54bc92b39a756599ad4\"\u003e\u003ccode\u003e8d08e31\u003c/code\u003e\u003c/a\u003e Add release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9348\"\u003e#9348\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9369\"\u003e#9369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/432707ea810ae619e2a9e4a9737c169cacaa8eda\"\u003e\u003ccode\u003e432707e\u003c/code\u003e\u003c/a\u003e Added release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9348\"\u003e#9348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/2d589107fb3a4aba8389932a65ff771bf9b4deb1\"\u003e\u003ccode\u003e2d58910\u003c/code\u003e\u003c/a\u003e Specify APNG duration type when opening\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/6.2.2...12.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 1.25.9 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/1.25.9...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 3.0.1 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 (2021-10-05)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e The GitHub repository has been renamed to \u003ccode\u003epython-hyper/h2\u003c/code\u003e, previously\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v3.0.1...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.24.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.23.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 6.2.2 to 12.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.1.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch libavif for svt-av1 4.0 compatibility \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9413\"\u003e#9413\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix OOB Write with invalid tile extents \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9427\"\u003e#9427\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e12.1.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDeprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate getdata(), in favour of new get_flattened_data() \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9292\"\u003e#9292\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpecify APNG duration type when opening \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9368\"\u003e#9368\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdded release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9350\"\u003e#9350\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9366\"\u003e#9366\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate ImageMorph documentation \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9349\"\u003e#9349\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eDocs: update major bump cadence \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9334\"\u003e#9334\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9070\"\u003e#9070\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9320\"\u003e#9320\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated Ubuntu version \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9306\"\u003e#9306\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9265\"\u003e#9265\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate harfbuzz to 12.3.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9355\"\u003e#9355\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate xz to 5.8.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9343\"\u003e#9343\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libjpeg-turbo to 3.1.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9333\"\u003e#9333\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated zlib-ng to 2.3.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9324\"\u003e#9324\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.53 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9325\"\u003e#9325\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/checkout action to v6 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9323\"\u003e#9323\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate dependency mypy to v1.19.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9322\"\u003e#9322\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.51 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9305\"\u003e#9305\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated brotli to 1.2.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9284\"\u003e#9284\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libimagequant to 4.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9301\"\u003e#9301\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate zlib-ng to 2.3.1, except on manylinux2014 aarch64 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9312\"\u003e#9312\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 12.2.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9289\"\u003e#9289\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate github-actions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9277\"\u003e#9277\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace pre-commit with prek \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9360\"\u003e#9360\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eTest PyQt6 on Python 3.14 on Windows \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9353\"\u003e#9353\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eTest 32-bit Windows on Windows Server 2022 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9345\"\u003e#9345\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCorrect variable type \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9335\"\u003e#9335\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst\"\u003epillow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog (Pillow)\u003c/h1\u003e\n\u003ch2\u003e11.1.0 and newer\u003c/h2\u003e\n\u003cp\u003eSee GitHub Releases:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003ehttps://github.com/python-pillow/Pillow/releases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.0.0 (2024-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate licence to MIT-CMU \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8460\"\u003e#8460\u003c/a\u003e\n[hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConditionally define ImageCms type hint to avoid requiring core \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8197\"\u003e#8197\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport writing LONG8 offsets in AppendingTiffWriter \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8417\"\u003e#8417\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImageFile.MAXBLOCK when saving TIFF images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8461\"\u003e#8461\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not close provided file handles with libtiff when saving \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8458\"\u003e#8458\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport ImageFilter.BuiltinFilter for I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8438\"\u003e#8438\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImagingCore.ptr instead of ImagingCore.id \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8341\"\u003e#8341\u003c/a\u003e\n[homm, radarhere, hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated EPS mode when opening images without transparency \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8281\"\u003e#8281\u003c/a\u003e\n[Yay295, radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse transparency when combining P frames from APNGs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8443\"\u003e#8443\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport all resampling filters when resizing I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8422\"\u003e#8422\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFree memory on early return \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8413\"\u003e#8413\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCast int before potentially exceeding INT_MAX \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8402\"\u003e#8402\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/5158d98c807e719c5938aa3886913ef0ea6814e9\"\u003e\u003ccode\u003e5158d98\u003c/code\u003e\u003c/a\u003e 12.1.1 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa\"\u003e\u003ccode\u003e9000313\u003c/code\u003e\u003c/a\u003e Fix OOB Write with invalid tile extents (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9427\"\u003e#9427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cd0111849fb32c40860e3ee3d57b9b1cee4260cf\"\u003e\u003ccode\u003ecd01118\u003c/code\u003e\u003c/a\u003e Patch libavif for svt-av1 4.0 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/46f45f674d47b5d8bc54230dda8fe9e214598b87\"\u003e\u003ccode\u003e46f45f6\u003c/code\u003e\u003c/a\u003e 12.1.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c9ac097edb5594f63c40acd9afe6802547200379\"\u003e\u003ccode\u003ec9ac097\u003c/code\u003e\u003c/a\u003e Simplify band splitting (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9291\"\u003e#9291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3baedf264804d199bc19458d11bcff02ce7598eb\"\u003e\u003ccode\u003e3baedf2\u003c/code\u003e\u003c/a\u003e Deprecate getdata(), in favour of new get_flattened_data() (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9292\"\u003e#9292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/b51a0366852c1d519d108dfec8fc2d738cd8080f\"\u003e\u003ccode\u003eb51a036\u003c/code\u003e\u003c/a\u003e Specify APNG duration type when opening (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9368\"\u003e#9368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/8d08e31533065b623399a54bc92b39a756599ad4\"\u003e\u003ccode\u003e8d08e31\u003c/code\u003e\u003c/a\u003e Add release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9348\"\u003e#9348\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9369\"\u003e#9369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/432707ea810ae619e2a9e4a9737c169cacaa8eda\"\u003e\u003ccode\u003e432707e\u003c/code\u003e\u003c/a\u003e Added release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9348\"\u003e#9348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/2d589107fb3a4aba8389932a65ff771bf9b4deb1\"\u003e\u003ccode\u003e2d58910\u003c/code\u003e\u003c/a\u003e Specify APNG duration type when opening\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/6.2.2...12.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 1.25.10 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"ht...\n\n_Description has been truncated_","html_url":"https://github.com/saytyarnorngloreia/AppleWebKit-http/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/saytyarnorngloreia%2FAppleWebKit-http/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"},{"uuid":"4095151600","node_id":"PR_kwDONUO8uM7Li10o","number":105,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-18T21:29:32.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-18T13:30:07.000Z","updated_at":"2026-03-18T21:29:34.000Z","time_to_close":28765,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":18,"packages":[{"name":"nltk","old_version":"3.9.1","new_version":"3.9.3","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.9","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.1","repository_url":"https://github.com/seperman/deepdiff"},{"name":"dspy","old_version":"2.5.6","new_version":"3.0.4b1","repository_url":"https://github.com/stanfordnlp/dspy"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"marshmallow","old_version":"3.22.0","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"0.38.6","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.4.1","new_version":"2.8.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"transformers","old_version":"4.45.2","new_version":"4.53.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uv","old_version":"0.4.25","new_version":"0.9.6","repository_url":"https://github.com/astral-sh/uv"},{"name":"virtualenv","old_version":"20.26.6","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.3` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.9` |\n| [deepdiff](https://github.com/seperman/deepdiff) | `8.0.1` | `8.6.1` |\n| [dspy](https://github.com/stanfordnlp/dspy) | `2.5.6` | `3.0.4b1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.22.0` | `3.26.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `0.49.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.4.1` | `2.8.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5.5` |\n| [transformers](https://github.com/huggingface/transformers) | `4.45.2` | `4.53.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |\n| [uv](https://github.com/astral-sh/uv) | `0.4.25` | `0.9.6` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.6` | `20.36.1` |\n\n\nUpdates `nltk` from 3.9.1 to 3.9.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed bug that prevented wordnet from loading\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 3.9 2024-08-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix security vulnerability CVE-2024-39705 (breaking change)\u003c/li\u003e\n\u003cli\u003eReplace pickled models (punkt, chunker, taggers) by new pickle-free \u0026quot;_tab\u0026quot; packages\u003c/li\u003e\n\u003cli\u003eNo longer sort Wordnet synsets and relations (sort in calling function when required)\u003c/li\u003e\n\u003cli\u003eOnly strip the last suffix in Wordnet Morphy, thus restricting synsets() results\u003c/li\u003e\n\u003cli\u003eAdd Python 3.12 support\u003c/li\u003e\n\u003cli\u003eMany other minor fixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.8.2:\nTom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins,\nEric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.\u003c/p\u003e\n\u003cp\u003eVersion 3.8.1 2023-01-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eResolve RCE vulnerability in localhost WordNet Browser (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3100\"\u003e#3100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4154eb85e832f266660a09286c7e37e308292284\"\u003e\u003ccode\u003e4154eb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3503\"\u003e#3503\u003c/a\u003e from ekaf/hotfix-3501\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7a710cbc8b914628252e9cf2518afe9ba9b13c80\"\u003e\u003ccode\u003e7a710cb\u003c/code\u003e\u003c/a\u003e Prepare release 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18\"\u003e\u003ccode\u003e1056b32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e from HyperPS/fix/secure-unzip-rce\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7dc5baa98f03b4c36300c408a7a66ffc8ea3934f\"\u003e\u003ccode\u003e7dc5baa\u003c/code\u003e\u003c/a\u003e Resolve merge conflict in tag mapping using normalized nltk resource URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7ef38b8aa6055ef3f82c7f8da490297cc12032b1\"\u003e\u003ccode\u003e7ef38b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e from HyperPS/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b2e1164bf89277f79b65406c829b99fb20ca1974\"\u003e\u003ccode\u003eb2e1164\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e from HyperPS/fix-filestring-sandbox-update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ac0ce55daa487401f8215a409cef50eae6a4ac98\"\u003e\u003ccode\u003eac0ce55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e from HyperPS/fix/filesystem-sandbox-security\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/603e34d25a2cad4612185ebfa6bc1c0dcfcfb2ab\"\u003e\u003ccode\u003e603e34d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e from HyperPS/fix/corpusreader-path-traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b63a5014aace4d22fe9a713473d2598d409eece4\"\u003e\u003ccode\u003eb63a501\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e from HyperPS/fix/stanford-segmenter-rce-sha256\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/df38955e506a9fcaa8aba006984a11babd87cec0\"\u003e\u003ccode\u003edf38955\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3494\"\u003e#3494\u003c/a\u003e from ekaf/ewnv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/main/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e.. meta::\n:description: The full list of changes between each Authlib release.\u003c/p\u003e\n\u003cp\u003eHere you can see the full list of changes between each Authlib release.\u003c/p\u003e\n\u003ch2\u003eVersion 1.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eUnreleased\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eOpenID Connect RP-Initiated Logout 1.0 \u0026lt;https://openid.net/specs/openid-connect-rpinitiated-1_0.html\u0026gt;\u003c/code\u003e_.\nSee :ref:\u003ccode\u003especs/rpinitiated\u003c/code\u003e for details. :issue:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePer RFC 6749 Section 3.3, the \u003ccode\u003escope\u003c/code\u003e parameter is now optional at both\nauthorization and token endpoints. \u003ccode\u003eclient.get_allowed_scope()\u003c/code\u003e is called\nto determine the default scope when omitted. :issue:\u003ccode\u003e845\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStop support for Python 3.9, start support Python 3.14. :pr:\u003ccode\u003e850\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eAuthorizationServerMetadata.validate()\u003c/code\u003e to compose with RFC extension classes.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires_at=0\u003c/code\u003e being incorrectly treated as \u003ccode\u003eNone\u003c/code\u003e. :issue:\u003ccode\u003e530\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eResourceProtector\u003c/code\u003e decorator to be used without parentheses. :issue:\u003ccode\u003e604\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImplement RFC9700 PKCE downgrade countermeasure.\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eUser-Agent\u003c/code\u003e header when fetching server metadata and JWKs. :issue:\u003ccode\u003e704\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRFC7523 accepts the issuer URL as a valid audience. :issue:\u003ccode\u003e730\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eUpgrade Guide: :ref:\u003ccode\u003ejoserfc_upgrade\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 12, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter, :pr:\u003ccode\u003e844\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix incorrect signature when \u003ccode\u003eContent-Type\u003c/code\u003e is x-www-form-urlencoded for OAuth 1.0 Client, :pr:\u003ccode\u003e778\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eexpires_in\u003c/code\u003e in \u003ccode\u003eOAuth2Token\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable, :pr:\u003ccode\u003e842\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAlways track \u003ccode\u003estate\u003c/code\u003e in session for OAuth client integrations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Oct 2, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e take a \u003ccode\u003erequest\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eAdd size limitation when decode JWS/JWE to prevent DoS.\u003c/li\u003e\n\u003cli\u003eAdd size limitation for \u003ccode\u003eDEF\u003c/code\u003e JWE zip algorithm.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5be3c518794b7322375bae2bf1871713d9b5c2fb\"\u003e\u003ccode\u003e5be3c51\u003c/code\u003e\u003c/a\u003e fix(jose): add ES256K into default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/48b345f29f6c459f11c6a40162b6c0b742ef2e22\"\u003e\u003ccode\u003e48b345f\u003c/code\u003e\u003c/a\u003e fix(jose): remove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681\"\u003e\u003ccode\u003ea5d4b2d\u003c/code\u003e\u003c/a\u003e fix(jose): do not use header's jwk automatically\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a769f343ae8d43236448e3e74445980861812e82\"\u003e\u003ccode\u003ea769f34\u003c/code\u003e\u003c/a\u003e chore: release 1.6.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/84f3fa2965a189c16528329e8cfe41d094008588\"\u003e\u003ccode\u003e84f3fa2\u003c/code\u003e\u003c/a\u003e fix: add EdDSA to default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e\"\u003e\u003ccode\u003e38e872a\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7\"\u003e\u003ccode\u003eb87c32e\u003c/code\u003e\u003c/a\u003e fix: remove \u0026quot;none\u0026quot; algorithm from default jwt instance\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/seperman/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/388a60ecd1c033de3f2302ade67e386a8875b6be\"\u003e\u003ccode\u003e388a60e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/557\"\u003e#557\u003c/a\u003e from seperman/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/0978fb88240b0d3daaf327d26b7fbcf85360578c\"\u003e\u003ccode\u003e0978fb8\u003c/code\u003e\u003c/a\u003e adding docs for 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/d469a4c34c6b65cab25088b0d3963561b80acf9b\"\u003e\u003ccode\u003ed469a4c\u003c/code\u003e\u003c/a\u003e making type hints compatible with old python\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/e16507c15c9069e9011ba4e298a2ec031c68cd3f\"\u003e\u003ccode\u003ee16507c\u003c/code\u003e\u003c/a\u003e fixing type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/33de0874bbc356ae83e74157f105a516e4db3d7a\"\u003e\u003ccode\u003e33de087\u003c/code\u003e\u003c/a\u003e adding type hints to search\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/seperman/deepdiff/compare/8.0.1...8.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dspy` from 2.5.6 to 3.0.4b1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stanfordnlp/dspy/releases\"\u003edspy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.4b1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eGEPA + Other Optimizers\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GEPA usage tracking with tuple outputs by \u003ca href=\"https://github.com/smec-cgint\"\u003e\u003ccode\u003e@​smec-cgint\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8739\"\u003e#8739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd custom instruction_proposer support to GEPA with multimodal (dspy.Image) handling by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8737\"\u003e#8737\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance logging for valset usage in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8770\"\u003e#8770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] GEPA: Add custom component selection logic support by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8765\"\u003e#8765\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MLFLow \u0026lt;\u0026gt; GEPA support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8763\"\u003e#8763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate optimization overview with data split guidance by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8792\"\u003e#8792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add comprehensive instruction_proposer documentation and examples for GEPA by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8775\"\u003e#8775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce gepa_kwargs for passing custom kwargs to gepa.optimize by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate callback metadata during GEPA minibatch eval by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8835\"\u003e#8835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in GEPA warning by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8840\"\u003e#8840\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate gepa[dspy] dependency version to 0.0.17; Potential fix for load from state not working in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSIMBA Improvements by \u003ca href=\"https://github.com/klopsahlong\"\u003e\u003ccode\u003e@​klopsahlong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Type\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Anthropic Citation API support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8721\"\u003e#8721\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd api reference for citations and document by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8801\"\u003e#8801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow custom type to be streamed and use native response by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8778\"\u003e#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix example code for Citations by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImage \u0026amp; Multimodal Support\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate Image from_* helpers in favor of flexible constructor by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8771\"\u003e#8771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache Image.format for better throughput by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8842\"\u003e#8842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(dspy.Image): Adds a test with ReAct that has an Image tool by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes \u0026amp; Type Handling\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8703\"\u003e#8703\u003c/a\u003e - fixing module and feedback mismatch by \u003ca href=\"https://github.com/Lucas-Fernandes-Martins\"\u003e\u003ccode\u003e@​Lucas-Fernandes-Martins\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8777\"\u003e#8777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix value parsing and add tests by \u003ca href=\"https://github.com/chenmoneygithub\"\u003e\u003ccode\u003e@​chenmoneygithub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8774\"\u003e#8774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse doubly-encoded base type in json.parse by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8814\"\u003e#8814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unexpected parsing of Optional[str] fields when string has brackets or braces by \u003ca href=\"https://github.com/sontanon\"\u003e\u003ccode\u003e@​sontanon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8805\"\u003e#8805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse mcp.ClientSession for type hint by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8826\"\u003e#8826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for callpreprocess by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8827\"\u003e#8827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow DummyLM answers dict values to be of any type to work with a wider range of signatures by \u003ca href=\"https://github.com/BenMcH\"\u003e\u003ccode\u003e@​BenMcH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8803\"\u003e#8803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the crash when usage tracker is enabled with non-prediction output by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFallback to memory cache when disk is not available by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8718\"\u003e#8718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebug(lm): Avoid unnecessary cache key computation by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay metric=0 in eval table by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8817\"\u003e#8817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd save/load to Embeddings by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation \u0026amp; Tutorials\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinor document changes by \u003ca href=\"https://github.com/Navanit-git\"\u003e\u003ccode\u003e@​Navanit-git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8722\"\u003e#8722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc page to learn tool usage in DSPy by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8709\"\u003e#8709\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/b71a1182e993e38fac788c753502264d3df44756\"\u003e\u003ccode\u003eb71a118\u003c/code\u003e\u003c/a\u003e Use importorskip for PIL in ReAct test (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8870\"\u003e#8870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/c33718da61afa7e95fc2a870532d46aae1c95eca\"\u003e\u003ccode\u003ec33718d\u003c/code\u003e\u003c/a\u003e Fix example code for Citations (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/930632ab13ebb7590d60455c806b1fde70589908\"\u003e\u003ccode\u003e930632a\u003c/code\u003e\u003c/a\u003e bug(lm): Avoid unnecessary cache key computation (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2f9e9a01a181b4f6f864088be1c8ee984c95e404\"\u003e\u003ccode\u003e2f9e9a0\u003c/code\u003e\u003c/a\u003e Update gepa[dspy] dependency version to 0.0.17 (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/9542e566fdad99c3653321fddb50767871e8c376\"\u003e\u003ccode\u003e9542e56\u003c/code\u003e\u003c/a\u003e SIMBA Improvements (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/baa6f82b72020c499633b08833d63d2545316a41\"\u003e\u003ccode\u003ebaa6f82\u003c/code\u003e\u003c/a\u003e test(dspy.Image): Adds a test with ReAct that has an Image tool (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/92997073e07e68241677fd32efcc55a2daee30ea\"\u003e\u003ccode\u003e9299707\u003c/code\u003e\u003c/a\u003e Add save/load to Embeddings (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/e4330465d576e0cfd2ee13b85d8c231a8861e3f5\"\u003e\u003ccode\u003ee433046\u003c/code\u003e\u003c/a\u003e Fix the crash when usage tracker is enabled with non-prediction output (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/12b2b998682955cfecfffdc402c452be149c10b0\"\u003e\u003ccode\u003e12b2b99\u003c/code\u003e\u003c/a\u003e Introduce gepa_kwargs for passing custom kwargs to gepa.optimize (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2e97da4dccdaca710faaa8ac9f6620e6cd6e7499\"\u003e\u003ccode\u003e2e97da4\u003c/code\u003e\u003c/a\u003e docs: Add comprehensive instruction_proposer documentation and examples for G...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/stanfordnlp/dspy/compare/2.5.6...3.0.4b1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.2 (2026-03-11)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:\u003ccode\u003e513\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.1 (2026-03-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e510\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release :pr:\u003ccode\u003e511\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e508\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo :pr:\u003ccode\u003e507\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e499\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `marshmallow` from 3.22.0 to 3.26.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst\"\u003emarshmallow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.26.2 (2025-12-19)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:cve:\u003ccode\u003e2025-68480\u003c/code\u003e: Merge error store messages without rebuilding collections.\nThanks 카푸치노 for reporting and :user:\u003ccode\u003edeckar01\u003c/code\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.1 (2025-02-03)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Fix type annotations for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:issue:\u003ccode\u003e2804\u003c/code\u003e).\nThanks :user:\u003ccode\u003elawrence-law\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOther changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove default value for the \u003ccode\u003edata\u003c/code\u003e param of \u003ccode\u003eNested._deserialize \u0026lt;marshmallow.fields.Nested._deserialize\u0026gt;\u003c/code\u003e (:issue:\u003ccode\u003e2802\u003c/code\u003e).\nThanks :user:\u003ccode\u003egbenson\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.0 (2025-01-22)\u003c/h2\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Add type annotations and improved documentation for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:pr:\u003ccode\u003e2760\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: Improve type coverage of \u003ccode\u003emarshmallow.Schema.SchemaMeta\u003c/code\u003e (:pr:\u003ccode\u003e2761\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: \u003ccode\u003emarshmallow.Schema.loads\u003c/code\u003e parameter allows \u003ccode\u003ebytes\u003c/code\u003e and \u003ccode\u003ebytesarray\u003c/code\u003e (:pr:\u003ccode\u003e2769\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRespect \u003ccode\u003edata_key\u003c/code\u003e when schema validators raise a \u003ccode\u003eValidationError \u0026lt;marshmallow.exceptions.ValidationError\u0026gt;\u003c/code\u003e\nwith a \u003ccode\u003efield_name\u003c/code\u003e argument (:issue:\u003ccode\u003e2170\u003c/code\u003e). Thanks :user:\u003ccode\u003ematejsp\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003eCorrectly handle multiple \u003ccode\u003e@post_load \u0026lt;marshmallow.post_load\u0026gt;\u003c/code\u003e methods where one method appends to\nthe data and another passes \u003ccode\u003epass_original=True\u003c/code\u003e (:issue:\u003ccode\u003e1755\u003c/code\u003e).\nThanks :user:\u003ccode\u003eghostwheel42\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eURL\u003c/code\u003e fields now properly validate \u003ccode\u003efile\u003c/code\u003e paths (:issue:\u003ccode\u003e2249\u003c/code\u003e).\nThanks :user:\u003ccode\u003e0xDEC0DE\u003c/code\u003e for reporting and fixing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd :doc:\u003ccode\u003eupgrading guides \u0026lt;upgrading\u0026gt;\u003c/code\u003e for 3.24 and 3.26 (:pr:\u003ccode\u003e2780\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eVarious documentation improvements (:pr:\u003ccode\u003e2757\u003c/code\u003e, :pr:\u003ccode\u003e2759\u003c/code\u003e, :pr:\u003ccode\u003e2765\u003c/code\u003e, :pr:\u003ccode\u003e2774\u003c/code\u003e, :pr:\u003ccode\u003e2778\u003c/code\u003e, :pr:\u003ccode\u003e2783\u003c/code\u003e, :pr:\u003ccode\u003e2796\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eordered\u003c/code\u003e \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e option is deprecated (:issue:\u003ccode\u003e2146\u003c/code\u003e, :pr:\u003ccode\u003e2762\u003c/code\u003e).\nField order is already preserved by default. Set \u003ccode\u003emarshmallow.Schema.dict_class\u003c/code\u003e to \u003ccode\u003ecollections.OrderedDict\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/1407d5102ae020421ddc8425474e976325a9539e\"\u003e\u003ccode\u003e1407d51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2878\"\u003e#2878\u003c/a\u003e from marshmallow-code/3.x-mypy-unreachable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b2292f513845ccbd134bd55501a9bcbcdd18f8ac\"\u003e\u003ccode\u003eb2292f5\u003c/code\u003e\u003c/a\u003e Fix mypy errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/8acd211847244fa28e0174728ff310fddf0d7fa2\"\u003e\u003ccode\u003e8acd211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2877\"\u003e#2877\u003c/a\u003e from marshmallow-code/3.x-delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b4bcb4a96f16a3b94c1b52ac82a66b57bbee1d88\"\u003e\u003ccode\u003eb4bcb4a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b78af7a0ea3102f8c2379bebe115a015e4018a62\"\u003e\u003ccode\u003eb78af7a\u003c/code\u003e\u003c/a\u003e Delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/2c4451e5129411da79161add51cfc76fe852549d\"\u003e\u003ccode\u003e2c4451e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/86d101a1aee2fe0a521c976015d1940437493cde\"\u003e\u003ccode\u003e86d101a\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af\"\u003e\u003ccode\u003e489a8d4\u003c/code\u003e\u003c/a\u003e Only deep copy error message collections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41\"\u003e\u003ccode\u003e6d4a17d\u003c/code\u003e\u003c/a\u003e Add test coverage for error message modification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9\"\u003e\u003ccode\u003e0356a3f\u003c/code\u003e\u003c/a\u003e Merge error store messages without rebuilding collections\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/marshmallow-code/marshmallow/compare/3.22.0...3.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/...\n\n_Description has been truncated_\n\n---\n## EntelligenceAI PR Summary \n This PR performs a broad dependency refresh in `uv.lock`, upgrading numerous packages to their latest versions and restructuring lock file metadata.\n- Bumped `dspy` (2.5.6→3.0.4b1), `fastapi` (0.115.2→0.135.1), `openai` (1.52.0→1.109.1), `torch` (2.4.1→2.8.0), `litellm` (1.49.0→1.72.6.post2), and others\n- Added new packages: `annotated-doc`, `cloudpickle`, `gepa`, `hf-xet`, `typing-inspection`\n- Removed packages: `datasets`, `minijinja`, `responses`, `structlog`\n- Split `typing-extensions` into Python version-specific entries (4.12.2 for ≥3.11, 4.15.0 for \u003c3.11)\n- Updated NVIDIA CUDA packages to 12.8.x series; added `nvidia-cufile-cu12` and `nvidia-cusparselt-cu12`\n- Added `upload-time` metadata field to all package entries in the lock file \n\n\n\n\u003c!-- CONFIDENCE_SCORE --\u003e\n---\n\n## Confidence Score: 5/5 - Safe to Merge\n\n- No review comments were generated, indicating the PR appears clean with no detected issues.\n- Zero critical, significant, or medium issues were identified by automated analysis.\n- The heuristic ceiling allows a maximum score of 5/5, consistent with the clean review results.","html_url":"https://github.com/patrik-fredon/langflow/pull/105","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/105","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/105/packages"},{"uuid":"4062559580","node_id":"PR_kwDODXEXTM7J7ZyX","number":279,"state":"closed","title":"Bump h2 from 4.0.0 to 4.3.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-12T07:53:20.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-12T06:40:42.000Z","updated_at":"2026-03-12T07:53:22.000Z","time_to_close":4358,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"h2","old_version":"4.0.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.0.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 (2021-10-05)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e The GitHub repository has been renamed to \u003ccode\u003epython-hyper/h2\u003c/code\u003e, previously\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.0.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/solarhell/font_obfuscator/pull/279","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/solarhell%2Ffont_obfuscator/issues/279","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/279/packages"},{"uuid":"4061340974","node_id":"PR_kwDONUO8uM7J3l1H","number":100,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-12T00:09:19.000Z","updated_at":"2026-03-12T00:12:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":20,"packages":[{"name":"litellm","old_version":"1.49.0","new_version":"1.61.15","repository_url":"https://github.com/BerriAI/litellm"},{"name":"nltk","old_version":"3.9.1","new_version":"3.9.3","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.7","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.1","repository_url":"https://github.com/seperman/deepdiff"},{"name":"dspy","old_version":"2.5.6","new_version":"3.0.4b1","repository_url":"https://github.com/stanfordnlp/dspy"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"marshmallow","old_version":"3.22.0","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.3","new_version":"2.32.4","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.38.6","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.4.1","new_version":"2.8.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"transformers","old_version":"4.45.2","new_version":"4.53.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uv","old_version":"0.4.25","new_version":"0.9.6","repository_url":"https://github.com/astral-sh/uv"},{"name":"virtualenv","old_version":"20.26.6","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [litellm](https://github.com/BerriAI/litellm) | `1.49.0` | `1.61.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.3` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.7` |\n| [deepdiff](https://github.com/seperman/deepdiff) | `8.0.1` | `8.6.1` |\n| [dspy](https://github.com/stanfordnlp/dspy) | `2.5.6` | `3.0.4b1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.22.0` | `3.26.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `0.49.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.4.1` | `2.8.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5.5` |\n| [transformers](https://github.com/huggingface/transformers) | `4.45.2` | `4.53.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |\n| [uv](https://github.com/astral-sh/uv) | `0.4.25` | `0.9.6` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.6` | `20.36.1` |\n\n\nUpdates `litellm` from 1.49.0 to 1.61.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BerriAI/litellm/releases\"\u003elitellm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elitellm-v1.81.14.pre-call-hook-fix.dev\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: show proxy url in ModelHub by \u003ca href=\"https://github.com/janfrederickk\"\u003e\u003ccode\u003e@​janfrederickk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21660\"\u003eBerriAI/litellm#21660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): correct modelInput format for Converse API batch models by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21656\"\u003eBerriAI/litellm#21656\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only tag selected deployment in access group creation by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21655\"\u003eBerriAI/litellm#21655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(proxy): add custom favicon support by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21653\"\u003eBerriAI/litellm#21653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): prevent double UUID in create_file S3 key by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21650\"\u003eBerriAI/litellm#21650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(semantic-cache): support configurable vector dimensions by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21649\"\u003eBerriAI/litellm#21649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(utils): normalize camelCase thinking param keys to snake_case by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21762\"\u003eBerriAI/litellm#21762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add optional digest mode for Slack alert types by \u003ca href=\"https://github.com/dkindlund\"\u003e\u003ccode\u003e@​dkindlund\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21683\"\u003eBerriAI/litellm#21683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Docs] store_model_in_db Release Docs by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21863\"\u003eBerriAI/litellm#21863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21871\"\u003eBerriAI/litellm#21871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(budget): fix timezone config lookup and replace hardcoded timezone map with ZoneInfo by \u003ca href=\"https://github.com/LeeJuOh\"\u003e\u003ccode\u003e@​LeeJuOh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21754\"\u003eBerriAI/litellm#21754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add missing return type annotations to iterator protocol methods in streaming_handler by \u003ca href=\"https://github.com/WhoisMonesh\"\u003e\u003ccode\u003e@​WhoisMonesh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21750\"\u003eBerriAI/litellm#21750\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd gollem Go agent framework cookbook example by \u003ca href=\"https://github.com/trevorprater\"\u003e\u003ccode\u003e@​trevorprater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21747\"\u003eBerriAI/litellm#21747\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid mutating caller-owned dicts in SpendUpdateQueue aggregation by \u003ca href=\"https://github.com/themavik\"\u003e\u003ccode\u003e@​themavik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21742\"\u003eBerriAI/litellm#21742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(vertex_ai): enable context-1m-2025-08-07 beta header by \u003ca href=\"https://github.com/edwiniac\"\u003e\u003ccode\u003e@​edwiniac\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21870\"\u003eBerriAI/litellm#21870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;fix(vertex_ai): enable context-1m-2025-08-07 beta header\u0026quot; by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21876\"\u003eBerriAI/litellm#21876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: enable context-1m-2025-08-07 beta header for vertex_ai provider by \u003ca href=\"https://github.com/stakeswky\"\u003e\u003ccode\u003e@​stakeswky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21867\"\u003eBerriAI/litellm#21867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Policy Versioning by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21862\"\u003eBerriAI/litellm#21862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add OpenClaw integration tutorial by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21605\"\u003eBerriAI/litellm#21605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm fix langfuse otel trace v2 by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21309\"\u003eBerriAI/litellm#21309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): encode model arns for OpenAI compatible bedrock imported models by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21701\"\u003eBerriAI/litellm#21701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(bedrock): support optional regional STS endpoint in role assumption by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21640\"\u003eBerriAI/litellm#21640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: ensure arrival_time is set before calculating queue time by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21918\"\u003eBerriAI/litellm#21918\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 22 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21924\"\u003eBerriAI/litellm#21924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 21 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21926\"\u003eBerriAI/litellm#21926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Noma guardrails v2 based on custom guardrails by \u003ca href=\"https://github.com/TomAlon\"\u003e\u003ccode\u003e@​TomAlon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21400\"\u003eBerriAI/litellm#21400\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 (\u003ca href=\"https://redirect.github.com/BerriAI/litellm/issues/21871\"\u003e#21871\u003c/a\u003e) by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21872\"\u003eBerriAI/litellm#21872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eState management fixes for CheckBatchCost by \u003ca href=\"https://github.com/ephrimstanley\"\u003e\u003ccode\u003e@​ephrimstanley\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21921\"\u003eBerriAI/litellm#21921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Anthropic model wildcard access issue by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21917\"\u003eBerriAI/litellm#21917\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 22 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21877\"\u003eBerriAI/litellm#21877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 21 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21786\"\u003eBerriAI/litellm#21786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix model cost map for anthropic fast and inference_geo by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21904\"\u003eBerriAI/litellm#21904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd  Priority PayGo cost tracking gemini/vertex ai by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21909\"\u003eBerriAI/litellm#21909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): fix StopIteration in prisma self-heal cooldown test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21938\"\u003eBerriAI/litellm#21938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): use absolute path for model_prices JSON validation test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21939\"\u003eBerriAI/litellm#21939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Google GenAI SDK tutorial (JS \u0026amp; Python) by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21885\"\u003eBerriAI/litellm#21885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ui): add pre-PR checklist to UI contributing guide by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21886\"\u003eBerriAI/litellm#21886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Litellm network mock by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21942\"\u003eBerriAI/litellm#21942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Monitor - measure guardrail reliability in prod  by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21944\"\u003eBerriAI/litellm#21944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): add INCOMPLETE to interactions status enum expected values by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21943\"\u003eBerriAI/litellm#21943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Singapore guardrail policies (PDPA + MAS AI Risk Management) by \u003ca href=\"https://github.com/ron-zhong\"\u003e\u003ccode\u003e@​ron-zhong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21948\"\u003eBerriAI/litellm#21948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OpenAI Agents SDK tutorial with LiteLLM Proxy to docs  by \u003ca href=\"https://github.com/Arindam200\"\u003e\u003ccode\u003e@​Arindam200\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21221\"\u003eBerriAI/litellm#21221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): make RPM limit test sequential to fix race condition by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21937\"\u003eBerriAI/litellm#21937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add performance \u0026amp; reliability section to v1.81.14 release notes by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21950\"\u003eBerriAI/litellm#21950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(videos): add variant parameter to video content download by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21955\"\u003eBerriAI/litellm#21955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert duplicate issue checker to text-based matching by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21961\"\u003eBerriAI/litellm#21961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] UI - Blog Dropdown in Navbar by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21859\"\u003eBerriAI/litellm#21859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(videos): pass api_key from litellm_params to video remix handlers by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21965\"\u003eBerriAI/litellm#21965\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/BerriAI/litellm/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.1 to 3.9.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed bug that prevented wordnet from loading\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 3.9 2024-08-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix security vulnerability CVE-2024-39705 (breaking change)\u003c/li\u003e\n\u003cli\u003eReplace pickled models (punkt, chunker, taggers) by new pickle-free \u0026quot;_tab\u0026quot; packages\u003c/li\u003e\n\u003cli\u003eNo longer sort Wordnet synsets and relations (sort in calling function when required)\u003c/li\u003e\n\u003cli\u003eOnly strip the last suffix in Wordnet Morphy, thus restricting synsets() results\u003c/li\u003e\n\u003cli\u003eAdd Python 3.12 support\u003c/li\u003e\n\u003cli\u003eMany other minor fixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.8.2:\nTom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins,\nEric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.\u003c/p\u003e\n\u003cp\u003eVersion 3.8.1 2023-01-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eResolve RCE vulnerability in localhost WordNet Browser (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3100\"\u003e#3100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4154eb85e832f266660a09286c7e37e308292284\"\u003e\u003ccode\u003e4154eb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3503\"\u003e#3503\u003c/a\u003e from ekaf/hotfix-3501\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7a710cbc8b914628252e9cf2518afe9ba9b13c80\"\u003e\u003ccode\u003e7a710cb\u003c/code\u003e\u003c/a\u003e Prepare release 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18\"\u003e\u003ccode\u003e1056b32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e from HyperPS/fix/secure-unzip-rce\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7dc5baa98f03b4c36300c408a7a66ffc8ea3934f\"\u003e\u003ccode\u003e7dc5baa\u003c/code\u003e\u003c/a\u003e Resolve merge conflict in tag mapping using normalized nltk resource URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7ef38b8aa6055ef3f82c7f8da490297cc12032b1\"\u003e\u003ccode\u003e7ef38b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e from HyperPS/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b2e1164bf89277f79b65406c829b99fb20ca1974\"\u003e\u003ccode\u003eb2e1164\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e from HyperPS/fix-filestring-sandbox-update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ac0ce55daa487401f8215a409cef50eae6a4ac98\"\u003e\u003ccode\u003eac0ce55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e from HyperPS/fix/filesystem-sandbox-security\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/603e34d25a2cad4612185ebfa6bc1c0dcfcfb2ab\"\u003e\u003ccode\u003e603e34d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e from HyperPS/fix/corpusreader-path-traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b63a5014aace4d22fe9a713473d2598d409eece4\"\u003e\u003ccode\u003eb63a501\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e from HyperPS/fix/stanford-segmenter-rce-sha256\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/df38955e506a9fcaa8aba006984a11babd87cec0\"\u003e\u003ccode\u003edf38955\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3494\"\u003e#3494\u003c/a\u003e from ekaf/ewnv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix response_mode=form_post with Starlette client by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/812\"\u003eauthlib/authlib#812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify README.md as project long description by \u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate tests to pytest paradigm by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/813\"\u003eauthlib/authlib#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ejose/jws: Reject unprotected ‘crit’ and enforce type; add tests by \u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse explicit *.test urls in unit tests by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/824\"\u003eauthlib/authlib#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd diff-cover check in GHA by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/803\"\u003eauthlib/authlib#803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/main/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e.. meta::\n:description: The full list of changes between each Authlib release.\u003c/p\u003e\n\u003cp\u003eHere you can see the full list of changes between each Authlib release.\u003c/p\u003e\n\u003ch2\u003eVersion 1.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eUnreleased\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eOpenID Connect RP-Initiated Logout 1.0 \u0026lt;https://openid.net/specs/openid-connect-rpinitiated-1_0.html\u0026gt;\u003c/code\u003e_.\nSee :ref:\u003ccode\u003especs/rpinitiated\u003c/code\u003e for details. :issue:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePer RFC 6749 Section 3.3, the \u003ccode\u003escope\u003c/code\u003e parameter is now optional at both\nauthorization and token endpoints. \u003ccode\u003eclient.get_allowed_scope()\u003c/code\u003e is called\nto determine the default scope when omitted. :issue:\u003ccode\u003e845\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStop support for Python 3.9, start support Python 3.14. :pr:\u003ccode\u003e850\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eAuthorizationServerMetadata.validate()\u003c/code\u003e to compose with RFC extension classes.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires_at=0\u003c/code\u003e being incorrectly treated as \u003ccode\u003eNone\u003c/code\u003e. :issue:\u003ccode\u003e530\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eResourceProtector\u003c/code\u003e decorator to be used without parentheses. :issue:\u003ccode\u003e604\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImplement RFC9700 PKCE downgrade countermeasure.\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eUser-Agent\u003c/code\u003e header when fetching server metadata and JWKs. :issue:\u003ccode\u003e704\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eUpgrade Guide: :ref:\u003ccode\u003ejoserfc_upgrade\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 12, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter, :pr:\u003ccode\u003e844\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix incorrect signature when \u003ccode\u003eContent-Type\u003c/code\u003e is x-www-form-urlencoded for OAuth 1.0 Client, :pr:\u003ccode\u003e778\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eexpires_in\u003c/code\u003e in \u003ccode\u003eOAuth2Token\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable, :pr:\u003ccode\u003e842\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAlways track \u003ccode\u003estate\u003c/code\u003e in session for OAuth client integrations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Oct 2, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e take a \u003ccode\u003erequest\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eAdd size limitation when decode JWS/JWE to prevent DoS.\u003c/li\u003e\n\u003cli\u003eAdd size limitation for \u003ccode\u003eDEF\u003c/code\u003e JWE zip algorithm.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e\"\u003e\u003ccode\u003e38e872a\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7\"\u003e\u003ccode\u003eb87c32e\u003c/code\u003e\u003c/a\u003e fix: remove \u0026quot;none\u0026quot; algorithm from default jwt instance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/bb7a315befbad333faf9a23ef574d6e3134a6774\"\u003e\u003ccode\u003ebb7a315\u003c/code\u003e\u003c/a\u003e chore: release 1.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0a423d4638bed1c0fe4597b2296a85c5bb59fba2\"\u003e\u003ccode\u003e0a423d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/844\"\u003e#844\u003c/a\u003e from azmeuk/806-get-jwt-config-client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489\"\u003e\u003ccode\u003e2808378\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/714502a4738bc29f26eb245b0c66718d8536cdda\"\u003e\u003ccode\u003e714502a\u003c/code\u003e\u003c/a\u003e feat: get_jwt_config takes a client parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/260d04edee23d8470057ea659c16fb8a2c7b0dc2\"\u003e\u003ccode\u003e260d04e\u003c/code\u003e\u003c/a\u003e Fix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/eb37124bbbec6ccbfba3699d8960f9710d330ad8\"\u003e\u003ccode\u003eeb37124\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/778\"\u003e#778\u003c/a\u003e from shc261392/fix-httpx-oauth1-form-data-incorrect-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0ba9ec4feeb8e19f572c454e2d1dbbdc1d30ae62\"\u003e\u003ccode\u003e0ba9ec4\u003c/code\u003e\u003c/a\u003e docs: fix guide on requests self signed certificate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a2e9943815bb5161863b1fa144ac0aaa50d97e91\"\u003e\u003ccode\u003ea2e9943\u003c/code\u003e\u003c/a\u003e docs: indicate that \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/743\"\u003e#743\u003c/a\u003e needs a migration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/seperman/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/388a60ecd1c033de3f2302ade67e386a8875b6be\"\u003e\u003ccode\u003e388a60e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/557\"\u003e#557\u003c/a\u003e from seperman/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/0978fb88240b0d3daaf327d26b7fbcf85360578c\"\u003e\u003ccode\u003e0978fb8\u003c/code\u003e\u003c/a\u003e adding docs for 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/d469a4c34c6b65cab25088b0d3963561b80acf9b\"\u003e\u003ccode\u003ed469a4c\u003c/code\u003e\u003c/a\u003e making type hints compatible with old python\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/e16507c15c9069e9011ba4e298a2ec031c68cd3f\"\u003e\u003ccode\u003ee16507c\u003c/code\u003e\u003c/a\u003e fixing type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/33de0874bbc356ae83e74157f105a516e4db3d7a\"\u003e\u003ccode\u003e33de087\u003c/code\u003e\u003c/a\u003e adding type hints to search\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/seperman/deepdiff/compare/8.0.1...8.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dspy` from 2.5.6 to 3.0.4b1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stanfordnlp/dspy/releases\"\u003edspy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.4b1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eGEPA + Other Optimizers\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GEPA usage tracking with tuple outputs by \u003ca href=\"https://github.com/smec-cgint\"\u003e\u003ccode\u003e@​smec-cgint\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8739\"\u003e#8739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd custom instruction_proposer support to GEPA with multimodal (dspy.Image) handling by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8737\"\u003e#8737\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance logging for valset usage in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8770\"\u003e#8770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] GEPA: Add custom component selection logic support by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8765\"\u003e#8765\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MLFLow \u0026lt;\u0026gt; GEPA support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8763\"\u003e#8763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate optimization overview with data split guidance by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8792\"\u003e#8792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add comprehensive instruction_proposer documentation and examples for GEPA by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8775\"\u003e#8775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce gepa_kwargs for passing custom kwargs to gepa.optimize by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate callback metadata during GEPA minibatch eval by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8835\"\u003e#8835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in GEPA warning by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8840\"\u003e#8840\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate gepa[dspy] dependency version to 0.0.17; Potential fix for load from state not working in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSIMBA Improvements by \u003ca href=\"https://github.com/klopsahlong\"\u003e\u003ccode\u003e@​klopsahlong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Type\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Anthropic Citation API support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8721\"\u003e#8721\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd api reference for citations and document by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8801\"\u003e#8801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow custom type to be streamed and use native response by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8778\"\u003e#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix example code for Citations by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImage \u0026amp; Multimodal Support\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate Image from_* helpers in favor of flexible constructor by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8771\"\u003e#8771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache Image.format for better throughput by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8842\"\u003e#8842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(dspy.Image): Adds a test with ReAct that has an Image tool by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes \u0026amp; Type Handling\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8703\"\u003e#8703\u003c/a\u003e - fixing module and feedback mismatch by \u003ca href=\"https://github.com/Lucas-Fernandes-Martins\"\u003e\u003ccode\u003e@​Lucas-Fernandes-Martins\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8777\"\u003e#8777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix value parsing and add tests by \u003ca href=\"https://github.com/chenmoneygithub\"\u003e\u003ccode\u003e@​chenmoneygithub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8774\"\u003e#8774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse doubly-encoded base type in json.parse by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8814\"\u003e#8814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unexpected parsing of Optional[str] fields when string has brackets or braces by \u003ca href=\"https://github.com/sontanon\"\u003e\u003ccode\u003e@​sontanon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8805\"\u003e#8805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse mcp.ClientSession for type hint by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8826\"\u003e#8826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for callpreprocess by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8827\"\u003e#8827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow DummyLM answers dict values to be of any type to work with a wider range of signatures by \u003ca href=\"https://github.com/BenMcH\"\u003e\u003ccode\u003e@​BenMcH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8803\"\u003e#8803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the crash when usage tracker is enabled with non-prediction output by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFallback to memory cache when disk is not available by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8718\"\u003e#8718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebug(lm): Avoid unnecessary cache key computation by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay metric=0 in eval table by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8817\"\u003e#8817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd save/load to Embeddings by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation \u0026amp; Tutorials\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinor document changes by \u003ca href=\"https://github.com/Navanit-git\"\u003e\u003ccode\u003e@​Navanit-git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8722\"\u003e#8722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc page to learn tool usage in DSPy by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8709\"\u003e#8709\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/b71a1182e993e38fac788c753502264d3df44756\"\u003e\u003ccode\u003eb71a118\u003c/code\u003e\u003c/a\u003e Use importorskip for PIL in ReAct test (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8870\"\u003e#8870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/c33718da61afa7e95fc2a870532d46aae1c95eca\"\u003e\u003ccode\u003ec33718d\u003c/code\u003e\u003c/a\u003e Fix example code for Citations (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/930632ab13ebb7590d60455c806b1fde70589908\"\u003e\u003ccode\u003e930632a\u003c/code\u003e\u003c/a\u003e bug(lm): Avoid unnecessary cache key computation (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2f9e9a01a181b4f6f864088be1c8ee984c95e404\"\u003e\u003ccode\u003e2f9e9a0\u003c/code\u003e\u003c/a\u003e Update gepa[dspy] dependency version to 0.0.17 (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/9542e566fdad99c3653321fddb50767871e8c376\"\u003e\u003ccode\u003e9542e56\u003c/code\u003e\u003c/a\u003e SIMBA Improvements (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/baa6f82b72020c499633b08833d63d2545316a41\"\u003e\u003ccode\u003ebaa6f82\u003c/code\u003e\u003c/a\u003e test(dspy.Image): Adds a test with ReAct that has an Image tool (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/92997073e07e68241677fd32efcc55a2daee30ea\"\u003e\u003ccode\u003e9299707\u003c/code\u003e\u003c/a\u003e Add save/load to Embeddings (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/e4330465d576e0cfd2ee13b85d8c231a8861e3f5\"\u003e\u003ccode\u003ee433046\u003c/code\u003e\u003c/a\u003e Fix the crash when usage tracker is enabled with non-prediction output (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/12b2b998682955cfecfffdc402c452be149c10b0\"\u003e\u003ccode\u003e12b2b99\u003c/code\u003e\u003c/a\u003e Introduce gepa_kwargs for passing custom kwargs to gepa.optimize (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2e97da4dccdaca710faaa8ac9f6620e6cd6e7499\"\u003e\u003ccode\u003e2e97da4\u003c/code\u003e\u003c/a\u003e docs: Add comprehensive instruction_proposer documentation and examples for G...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/stanfordnlp/dspy/compare/2.5.6...3.0.4b1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.2 (2026-03-11)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:\u003ccode\u003e513\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.1 (2026-03-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e510\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release :pr:\u003ccode\u003e511\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e508\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo :pr:\u003ccode\u003e507\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e499\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `marshmallow` from 3.22.0 to 3.26.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst\"\u003emarshmallow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.26.2 (2025-12-19)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:cve:\u003ccode\u003e2025-68480\u003c/code\u003e: Merge error store messages without rebuilding collections.\nThanks 카푸치노 for reporting and :user:\u003ccode\u003edeckar01\u003c/code\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.1 (2025-02-03)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Fix type annotations for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:issue:\u003ccode\u003e2804\u003c/code\u003e).\nThanks :user:\u003ccode\u003elawrence-law\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOther changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove default value for the \u003ccode\u003edata\u003c/code\u003e param of \u003ccode\u003eNested._deserialize \u0026lt;marshmallow.fields.Nested._deserialize\u0026gt;\u003c/code\u003e (:issue:\u003ccode\u003e2802\u003c/code\u003e).\nThanks :user:\u003ccode\u003egbenson\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.0 (2025-01-22)\u003c/h2\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Add type annotations and improved documentation for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:pr:\u003ccode\u003e2760\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: Improve type coverage of \u003ccode\u003emarshmallow.Schema.SchemaMeta\u003c/code\u003e (:pr:\u003ccode\u003e2761\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: \u003ccode\u003emarshmallow.Schema.loads\u003c/code\u003e parameter allows \u003ccode\u003ebytes\u003c/code\u003e and \u003ccode\u003ebytesarray\u003c/code\u003e (:pr:\u003ccode\u003e2769\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRespect \u003ccode\u003edata_key\u003c/code\u003e when schema validators raise a \u003ccode\u003eValidationError \u0026lt;marshmallow.exceptions.ValidationError\u0026gt;\u003c/code\u003e\nwith a \u003ccode\u003efield_name\u003c/code\u003e argument (:issue:\u003ccode\u003e2170\u003c/code\u003e). Thanks :user:\u003ccode\u003ematejsp\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003eCorrectly handle multiple \u003ccode\u003e@post_load \u0026lt;marshmallow.post_load\u0026gt;\u003c/code\u003e methods where one method appends to\nthe data and another passes \u003ccode\u003epass_original=True\u003c/code\u003e (:issue:\u003ccode\u003e1755\u003c/code\u003e).\nThanks :user:\u003ccode\u003eghostwheel42\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eURL\u003c/code\u003e fields now properly validate \u003ccode\u003efile\u003c/code\u003e paths (:issue:\u003ccode\u003e2249\u003c/code\u003e).\nThanks :user:\u003ccode\u003e0xDEC0DE\u003c/code\u003e for reporting and fixing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd :doc:\u003ccode\u003eupgrading guides \u0026lt;upgrading\u0026gt;\u003c/code\u003e for 3.24 and 3.26 (:pr:\u003ccode\u003e2780\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eVarious documentation improvements (:pr:\u003ccode\u003e2757\u003c/code\u003e, :pr:\u003ccode\u003e2759\u003c/code\u003e, :pr:\u003ccode\u003e2765\u003c/code\u003e, :pr:\u003ccode\u003e2774\u003c/code\u003e, :pr:\u003ccode\u003e2778\u003c/code\u003e, :pr:\u003ccode\u003e2783\u003c/code\u003e, :pr:\u003ccode\u003e2796\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eordered\u003c/code\u003e \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e option is deprecated (:issue:\u003ccode\u003e2146\u003c/code\u003e, :pr:\u003ccode\u003e2762\u003c/code\u003e).\nField order is already preserved by default. Set \u003ccode\u003emarshmallow.Schema.dict_class\u003c/code\u003e to \u003ccode\u003ecollections.OrderedDict\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/1407d5102ae020421ddc8425474e976325a9539e\"\u003e\u003ccode\u003e1407d51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2878\"\u003e#2878\u003c/a\u003e from marshmallow-code/3.x-mypy-unreachable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b2292f513845ccbd134bd55501a9bcbcdd18f8ac\"\u003e\u003ccode\u003eb2292f5\u003c/code\u003e\u003c/a\u003e Fix mypy errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/8acd211847244fa28e0174728ff310fddf0d7fa2\"\u003e\u003ccode\u003e8acd211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2877\"\u003e#2877\u003c/a\u003e from marshmallow-code/3.x-delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b4bcb4a96f16a3b94c1b52ac82a66b57bbee1d88\"\u003e\u003ccode\u003eb4bcb4a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b78af7a0ea3102f8c2379bebe115a015e4018a62\"\u003e\u003ccode\u003eb78af7a\u003c/code\u003e\u003c/a\u003e Delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/2c4451e5129411da79161add51cfc76fe852549d\"\u003e\u003ccode\u003e2c4451e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/86d101a1aee2fe0a521c976015d1940437493cde\"\u003e\u003ccode\u003e86d101a\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af\"\u003e\u003ccode\u003e489a8d4\u003c/code\u003e\u003c/a\u003e Only deep copy error message collections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41\"\u003e\u003ccode\u003e6d4a17d\u003c/code\u003e\u003c/a\u003e Add test coverage for error message modification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9\"\u003e\u003ccode\u003e0356a3f\u003c/code\u003e\u003c/a\u003e Merge error store messages without rebuilding collections\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/marshmallow-code/marshmallow/compare/3.22.0...3.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0...\n\n_Description has been truncated_\n\n---\n## EntelligenceAI PR Summary \n Comprehensive dependency lock file update upgrading major versions of AI/ML and web framework packages and reorganizing package metadata.\n- Upgraded `openai` 1.52→1.109, `torch` 2.4→2.8, `dspy` 2.5→3.0b1, `fastapi` 0.115→0.135, `starlette` 0.38→0.49\n- Upgraded `protobuf` 4.x→5.x, `transformers` 4.45→4.53, `tokenizers` 0.20→0.21, `huggingface-hub` 0.25→0.36\n- Added `upload-time` metadata field to all package entries\n- Split `typing-extensions` into Python version-conditional variants (4.12.2 for ≥3.11, 4.15.0 for \u003c3.11)\n- Added new packages: `annotated-doc`, `cloudpickle`, `gepa`, `hf-xet`, `nvidia-cufile-cu12`, `nvidia-cusparselt-cu12`, `typing-inspection`\n- Removed packages: `datasets`, `minijinja`, `responses`, `structlog` \n\n\n---\n\n## Confidence Score: 5/5 - Safe to Merge\n\n- No review comments were generated, indicating the PR appears clean.\n- No critical, significant, or medium issues were identified in the heuristic analysis.\n- All changed files passed review with no flagged concerns.\n","html_url":"https://github.com/patrik-fredon/langflow/pull/100","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/100","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/100/packages"},{"uuid":"4031961804","node_id":"PR_kwDONUO8uM7IYuR1","number":99,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-12T00:09:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-06T03:14:12.000Z","updated_at":"2026-03-12T00:09:24.000Z","time_to_close":507310,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":20,"packages":[{"name":"litellm","old_version":"1.49.0","new_version":"1.61.15","repository_url":"https://github.com/BerriAI/litellm"},{"name":"nltk","old_version":"3.9.1","new_version":"3.9.3","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.7","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.1","repository_url":"https://github.com/seperman/deepdiff"},{"name":"dspy","old_version":"2.5.6","new_version":"3.0.4b1","repository_url":"https://github.com/stanfordnlp/dspy"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"marshmallow","old_version":"3.22.0","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.3","new_version":"2.32.4","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.38.6","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.4.1","new_version":"2.8.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"transformers","old_version":"4.45.2","new_version":"4.53.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uv","old_version":"0.4.25","new_version":"0.9.6","repository_url":"https://github.com/astral-sh/uv"},{"name":"virtualenv","old_version":"20.26.6","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [litellm](https://github.com/BerriAI/litellm) | `1.49.0` | `1.61.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.3` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.7` |\n| [deepdiff](https://github.com/seperman/deepdiff) | `8.0.1` | `8.6.1` |\n| [dspy](https://github.com/stanfordnlp/dspy) | `2.5.6` | `3.0.4b1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.22.0` | `3.26.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `0.49.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.4.1` | `2.8.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5` |\n| [transformers](https://github.com/huggingface/transformers) | `4.45.2` | `4.53.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |\n| [uv](https://github.com/astral-sh/uv) | `0.4.25` | `0.9.6` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.6` | `20.36.1` |\n\n\nUpdates `litellm` from 1.49.0 to 1.61.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BerriAI/litellm/releases\"\u003elitellm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elitellm-v1.81.14.pre-call-hook-fix.dev\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: show proxy url in ModelHub by \u003ca href=\"https://github.com/janfrederickk\"\u003e\u003ccode\u003e@​janfrederickk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21660\"\u003eBerriAI/litellm#21660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): correct modelInput format for Converse API batch models by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21656\"\u003eBerriAI/litellm#21656\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only tag selected deployment in access group creation by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21655\"\u003eBerriAI/litellm#21655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(proxy): add custom favicon support by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21653\"\u003eBerriAI/litellm#21653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): prevent double UUID in create_file S3 key by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21650\"\u003eBerriAI/litellm#21650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(semantic-cache): support configurable vector dimensions by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21649\"\u003eBerriAI/litellm#21649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(utils): normalize camelCase thinking param keys to snake_case by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21762\"\u003eBerriAI/litellm#21762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add optional digest mode for Slack alert types by \u003ca href=\"https://github.com/dkindlund\"\u003e\u003ccode\u003e@​dkindlund\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21683\"\u003eBerriAI/litellm#21683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Docs] store_model_in_db Release Docs by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21863\"\u003eBerriAI/litellm#21863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21871\"\u003eBerriAI/litellm#21871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(budget): fix timezone config lookup and replace hardcoded timezone map with ZoneInfo by \u003ca href=\"https://github.com/LeeJuOh\"\u003e\u003ccode\u003e@​LeeJuOh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21754\"\u003eBerriAI/litellm#21754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add missing return type annotations to iterator protocol methods in streaming_handler by \u003ca href=\"https://github.com/WhoisMonesh\"\u003e\u003ccode\u003e@​WhoisMonesh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21750\"\u003eBerriAI/litellm#21750\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd gollem Go agent framework cookbook example by \u003ca href=\"https://github.com/trevorprater\"\u003e\u003ccode\u003e@​trevorprater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21747\"\u003eBerriAI/litellm#21747\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid mutating caller-owned dicts in SpendUpdateQueue aggregation by \u003ca href=\"https://github.com/themavik\"\u003e\u003ccode\u003e@​themavik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21742\"\u003eBerriAI/litellm#21742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(vertex_ai): enable context-1m-2025-08-07 beta header by \u003ca href=\"https://github.com/edwiniac\"\u003e\u003ccode\u003e@​edwiniac\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21870\"\u003eBerriAI/litellm#21870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;fix(vertex_ai): enable context-1m-2025-08-07 beta header\u0026quot; by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21876\"\u003eBerriAI/litellm#21876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: enable context-1m-2025-08-07 beta header for vertex_ai provider by \u003ca href=\"https://github.com/stakeswky\"\u003e\u003ccode\u003e@​stakeswky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21867\"\u003eBerriAI/litellm#21867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Policy Versioning by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21862\"\u003eBerriAI/litellm#21862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add OpenClaw integration tutorial by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21605\"\u003eBerriAI/litellm#21605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm fix langfuse otel trace v2 by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21309\"\u003eBerriAI/litellm#21309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): encode model arns for OpenAI compatible bedrock imported models by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21701\"\u003eBerriAI/litellm#21701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(bedrock): support optional regional STS endpoint in role assumption by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21640\"\u003eBerriAI/litellm#21640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: ensure arrival_time is set before calculating queue time by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21918\"\u003eBerriAI/litellm#21918\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 22 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21924\"\u003eBerriAI/litellm#21924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 21 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21926\"\u003eBerriAI/litellm#21926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Noma guardrails v2 based on custom guardrails by \u003ca href=\"https://github.com/TomAlon\"\u003e\u003ccode\u003e@​TomAlon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21400\"\u003eBerriAI/litellm#21400\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 (\u003ca href=\"https://redirect.github.com/BerriAI/litellm/issues/21871\"\u003e#21871\u003c/a\u003e) by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21872\"\u003eBerriAI/litellm#21872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eState management fixes for CheckBatchCost by \u003ca href=\"https://github.com/ephrimstanley\"\u003e\u003ccode\u003e@​ephrimstanley\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21921\"\u003eBerriAI/litellm#21921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Anthropic model wildcard access issue by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21917\"\u003eBerriAI/litellm#21917\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 22 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21877\"\u003eBerriAI/litellm#21877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 21 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21786\"\u003eBerriAI/litellm#21786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix model cost map for anthropic fast and inference_geo by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21904\"\u003eBerriAI/litellm#21904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd  Priority PayGo cost tracking gemini/vertex ai by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21909\"\u003eBerriAI/litellm#21909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): fix StopIteration in prisma self-heal cooldown test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21938\"\u003eBerriAI/litellm#21938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): use absolute path for model_prices JSON validation test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21939\"\u003eBerriAI/litellm#21939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Google GenAI SDK tutorial (JS \u0026amp; Python) by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21885\"\u003eBerriAI/litellm#21885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ui): add pre-PR checklist to UI contributing guide by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21886\"\u003eBerriAI/litellm#21886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Litellm network mock by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21942\"\u003eBerriAI/litellm#21942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Monitor - measure guardrail reliability in prod  by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21944\"\u003eBerriAI/litellm#21944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): add INCOMPLETE to interactions status enum expected values by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21943\"\u003eBerriAI/litellm#21943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Singapore guardrail policies (PDPA + MAS AI Risk Management) by \u003ca href=\"https://github.com/ron-zhong\"\u003e\u003ccode\u003e@​ron-zhong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21948\"\u003eBerriAI/litellm#21948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OpenAI Agents SDK tutorial with LiteLLM Proxy to docs  by \u003ca href=\"https://github.com/Arindam200\"\u003e\u003ccode\u003e@​Arindam200\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21221\"\u003eBerriAI/litellm#21221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): make RPM limit test sequential to fix race condition by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21937\"\u003eBerriAI/litellm#21937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add performance \u0026amp; reliability section to v1.81.14 release notes by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21950\"\u003eBerriAI/litellm#21950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(videos): add variant parameter to video content download by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21955\"\u003eBerriAI/litellm#21955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert duplicate issue checker to text-based matching by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21961\"\u003eBerriAI/litellm#21961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] UI - Blog Dropdown in Navbar by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21859\"\u003eBerriAI/litellm#21859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(videos): pass api_key from litellm_params to video remix handlers by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21965\"\u003eBerriAI/litellm#21965\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/BerriAI/litellm/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.1 to 3.9.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed bug that prevented wordnet from loading\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 3.9 2024-08-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix security vulnerability CVE-2024-39705 (breaking change)\u003c/li\u003e\n\u003cli\u003eReplace pickled models (punkt, chunker, taggers) by new pickle-free \u0026quot;_tab\u0026quot; packages\u003c/li\u003e\n\u003cli\u003eNo longer sort Wordnet synsets and relations (sort in calling function when required)\u003c/li\u003e\n\u003cli\u003eOnly strip the last suffix in Wordnet Morphy, thus restricting synsets() results\u003c/li\u003e\n\u003cli\u003eAdd Python 3.12 support\u003c/li\u003e\n\u003cli\u003eMany other minor fixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.8.2:\nTom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins,\nEric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.\u003c/p\u003e\n\u003cp\u003eVersion 3.8.1 2023-01-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eResolve RCE vulnerability in localhost WordNet Browser (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3100\"\u003e#3100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4154eb85e832f266660a09286c7e37e308292284\"\u003e\u003ccode\u003e4154eb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3503\"\u003e#3503\u003c/a\u003e from ekaf/hotfix-3501\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7a710cbc8b914628252e9cf2518afe9ba9b13c80\"\u003e\u003ccode\u003e7a710cb\u003c/code\u003e\u003c/a\u003e Prepare release 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18\"\u003e\u003ccode\u003e1056b32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e from HyperPS/fix/secure-unzip-rce\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7dc5baa98f03b4c36300c408a7a66ffc8ea3934f\"\u003e\u003ccode\u003e7dc5baa\u003c/code\u003e\u003c/a\u003e Resolve merge conflict in tag mapping using normalized nltk resource URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7ef38b8aa6055ef3f82c7f8da490297cc12032b1\"\u003e\u003ccode\u003e7ef38b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e from HyperPS/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b2e1164bf89277f79b65406c829b99fb20ca1974\"\u003e\u003ccode\u003eb2e1164\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e from HyperPS/fix-filestring-sandbox-update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ac0ce55daa487401f8215a409cef50eae6a4ac98\"\u003e\u003ccode\u003eac0ce55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e from HyperPS/fix/filesystem-sandbox-security\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/603e34d25a2cad4612185ebfa6bc1c0dcfcfb2ab\"\u003e\u003ccode\u003e603e34d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e from HyperPS/fix/corpusreader-path-traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b63a5014aace4d22fe9a713473d2598d409eece4\"\u003e\u003ccode\u003eb63a501\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e from HyperPS/fix/stanford-segmenter-rce-sha256\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/df38955e506a9fcaa8aba006984a11babd87cec0\"\u003e\u003ccode\u003edf38955\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3494\"\u003e#3494\u003c/a\u003e from ekaf/ewnv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix response_mode=form_post with Starlette client by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/812\"\u003eauthlib/authlib#812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify README.md as project long description by \u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate tests to pytest paradigm by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/813\"\u003eauthlib/authlib#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ejose/jws: Reject unprotected ‘crit’ and enforce type; add tests by \u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse explicit *.test urls in unit tests by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/824\"\u003eauthlib/authlib#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd diff-cover check in GHA by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/803\"\u003eauthlib/authlib#803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/main/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e.. meta::\n:description: The full list of changes between each Authlib release.\u003c/p\u003e\n\u003cp\u003eHere you can see the full list of changes between each Authlib release.\u003c/p\u003e\n\u003ch2\u003eVersion 1.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eUnreleased\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eOpenID Connect RP-Initiated Logout 1.0 \u0026lt;https://openid.net/specs/openid-connect-rpinitiated-1_0.html\u0026gt;\u003c/code\u003e_.\nSee :ref:\u003ccode\u003especs/rpinitiated\u003c/code\u003e for details. :issue:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePer RFC 6749 Section 3.3, the \u003ccode\u003escope\u003c/code\u003e parameter is now optional at both\nauthorization and token endpoints. \u003ccode\u003eclient.get_allowed_scope()\u003c/code\u003e is called\nto determine the default scope when omitted. :issue:\u003ccode\u003e845\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStop support for Python 3.9, start support Python 3.14. :pr:\u003ccode\u003e850\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eAuthorizationServerMetadata.validate()\u003c/code\u003e to compose with RFC extension classes.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires_at=0\u003c/code\u003e being incorrectly treated as \u003ccode\u003eNone\u003c/code\u003e. :issue:\u003ccode\u003e530\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eResourceProtector\u003c/code\u003e decorator to be used without parentheses. :issue:\u003ccode\u003e604\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImplement RFC9700 PKCE downgrade countermeasure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eUpgrade Guide: :ref:\u003ccode\u003ejoserfc_upgrade\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 12, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter, :pr:\u003ccode\u003e844\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix incorrect signature when \u003ccode\u003eContent-Type\u003c/code\u003e is x-www-form-urlencoded for OAuth 1.0 Client, :pr:\u003ccode\u003e778\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eexpires_in\u003c/code\u003e in \u003ccode\u003eOAuth2Token\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable, :pr:\u003ccode\u003e842\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAlways track \u003ccode\u003estate\u003c/code\u003e in session for OAuth client integrations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Oct 2, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e take a \u003ccode\u003erequest\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eAdd size limitation when decode JWS/JWE to prevent DoS.\u003c/li\u003e\n\u003cli\u003eAdd size limitation for \u003ccode\u003eDEF\u003c/code\u003e JWE zip algorithm.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Sep 17, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e\"\u003e\u003ccode\u003e38e872a\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7\"\u003e\u003ccode\u003eb87c32e\u003c/code\u003e\u003c/a\u003e fix: remove \u0026quot;none\u0026quot; algorithm from default jwt instance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/bb7a315befbad333faf9a23ef574d6e3134a6774\"\u003e\u003ccode\u003ebb7a315\u003c/code\u003e\u003c/a\u003e chore: release 1.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0a423d4638bed1c0fe4597b2296a85c5bb59fba2\"\u003e\u003ccode\u003e0a423d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/844\"\u003e#844\u003c/a\u003e from azmeuk/806-get-jwt-config-client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489\"\u003e\u003ccode\u003e2808378\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/714502a4738bc29f26eb245b0c66718d8536cdda\"\u003e\u003ccode\u003e714502a\u003c/code\u003e\u003c/a\u003e feat: get_jwt_config takes a client parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/260d04edee23d8470057ea659c16fb8a2c7b0dc2\"\u003e\u003ccode\u003e260d04e\u003c/code\u003e\u003c/a\u003e Fix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/eb37124bbbec6ccbfba3699d8960f9710d330ad8\"\u003e\u003ccode\u003eeb37124\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/778\"\u003e#778\u003c/a\u003e from shc261392/fix-httpx-oauth1-form-data-incorrect-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0ba9ec4feeb8e19f572c454e2d1dbbdc1d30ae62\"\u003e\u003ccode\u003e0ba9ec4\u003c/code\u003e\u003c/a\u003e docs: fix guide on requests self signed certificate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a2e9943815bb5161863b1fa144ac0aaa50d97e91\"\u003e\u003ccode\u003ea2e9943\u003c/code\u003e\u003c/a\u003e docs: indicate that \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/743\"\u003e#743\u003c/a\u003e needs a migration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/seperman/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/388a60ecd1c033de3f2302ade67e386a8875b6be\"\u003e\u003ccode\u003e388a60e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/557\"\u003e#557\u003c/a\u003e from seperman/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/0978fb88240b0d3daaf327d26b7fbcf85360578c\"\u003e\u003ccode\u003e0978fb8\u003c/code\u003e\u003c/a\u003e adding docs for 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/d469a4c34c6b65cab25088b0d3963561b80acf9b\"\u003e\u003ccode\u003ed469a4c\u003c/code\u003e\u003c/a\u003e making type hints compatible with old python\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/e16507c15c9069e9011ba4e298a2ec031c68cd3f\"\u003e\u003ccode\u003ee16507c\u003c/code\u003e\u003c/a\u003e fixing type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/33de0874bbc356ae83e74157f105a516e4db3d7a\"\u003e\u003ccode\u003e33de087\u003c/code\u003e\u003c/a\u003e adding type hints to search\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/seperman/deepdiff/compare/8.0.1...8.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dspy` from 2.5.6 to 3.0.4b1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stanfordnlp/dspy/releases\"\u003edspy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.4b1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eGEPA + Other Optimizers\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GEPA usage tracking with tuple outputs by \u003ca href=\"https://github.com/smec-cgint\"\u003e\u003ccode\u003e@​smec-cgint\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8739\"\u003e#8739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd custom instruction_proposer support to GEPA with multimodal (dspy.Image) handling by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8737\"\u003e#8737\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance logging for valset usage in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8770\"\u003e#8770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] GEPA: Add custom component selection logic support by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8765\"\u003e#8765\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MLFLow \u0026lt;\u0026gt; GEPA support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8763\"\u003e#8763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate optimization overview with data split guidance by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8792\"\u003e#8792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add comprehensive instruction_proposer documentation and examples for GEPA by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8775\"\u003e#8775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce gepa_kwargs for passing custom kwargs to gepa.optimize by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate callback metadata during GEPA minibatch eval by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8835\"\u003e#8835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in GEPA warning by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8840\"\u003e#8840\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate gepa[dspy] dependency version to 0.0.17; Potential fix for load from state not working in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSIMBA Improvements by \u003ca href=\"https://github.com/klopsahlong\"\u003e\u003ccode\u003e@​klopsahlong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Type\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Anthropic Citation API support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8721\"\u003e#8721\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd api reference for citations and document by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8801\"\u003e#8801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow custom type to be streamed and use native response by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8778\"\u003e#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix example code for Citations by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImage \u0026amp; Multimodal Support\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate Image from_* helpers in favor of flexible constructor by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8771\"\u003e#8771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache Image.format for better throughput by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8842\"\u003e#8842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(dspy.Image): Adds a test with ReAct that has an Image tool by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes \u0026amp; Type Handling\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8703\"\u003e#8703\u003c/a\u003e - fixing module and feedback mismatch by \u003ca href=\"https://github.com/Lucas-Fernandes-Martins\"\u003e\u003ccode\u003e@​Lucas-Fernandes-Martins\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8777\"\u003e#8777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix value parsing and add tests by \u003ca href=\"https://github.com/chenmoneygithub\"\u003e\u003ccode\u003e@​chenmoneygithub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8774\"\u003e#8774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse doubly-encoded base type in json.parse by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8814\"\u003e#8814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unexpected parsing of Optional[str] fields when string has brackets or braces by \u003ca href=\"https://github.com/sontanon\"\u003e\u003ccode\u003e@​sontanon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8805\"\u003e#8805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse mcp.ClientSession for type hint by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8826\"\u003e#8826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for callpreprocess by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8827\"\u003e#8827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow DummyLM answers dict values to be of any type to work with a wider range of signatures by \u003ca href=\"https://github.com/BenMcH\"\u003e\u003ccode\u003e@​BenMcH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8803\"\u003e#8803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the crash when usage tracker is enabled with non-prediction output by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFallback to memory cache when disk is not available by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8718\"\u003e#8718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebug(lm): Avoid unnecessary cache key computation by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay metric=0 in eval table by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8817\"\u003e#8817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd save/load to Embeddings by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation \u0026amp; Tutorials\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinor document changes by \u003ca href=\"https://github.com/Navanit-git\"\u003e\u003ccode\u003e@​Navanit-git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8722\"\u003e#8722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc page to learn tool usage in DSPy by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8709\"\u003e#8709\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/b71a1182e993e38fac788c753502264d3df44756\"\u003e\u003ccode\u003eb71a118\u003c/code\u003e\u003c/a\u003e Use importorskip for PIL in ReAct test (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8870\"\u003e#8870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/c33718da61afa7e95fc2a870532d46aae1c95eca\"\u003e\u003ccode\u003ec33718d\u003c/code\u003e\u003c/a\u003e Fix example code for Citations (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/930632ab13ebb7590d60455c806b1fde70589908\"\u003e\u003ccode\u003e930632a\u003c/code\u003e\u003c/a\u003e bug(lm): Avoid unnecessary cache key computation (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2f9e9a01a181b4f6f864088be1c8ee984c95e404\"\u003e\u003ccode\u003e2f9e9a0\u003c/code\u003e\u003c/a\u003e Update gepa[dspy] dependency version to 0.0.17 (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/9542e566fdad99c3653321fddb50767871e8c376\"\u003e\u003ccode\u003e9542e56\u003c/code\u003e\u003c/a\u003e SIMBA Improvements (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/baa6f82b72020c499633b08833d63d2545316a41\"\u003e\u003ccode\u003ebaa6f82\u003c/code\u003e\u003c/a\u003e test(dspy.Image): Adds a test with ReAct that has an Image tool (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/92997073e07e68241677fd32efcc55a2daee30ea\"\u003e\u003ccode\u003e9299707\u003c/code\u003e\u003c/a\u003e Add save/load to Embeddings (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/e4330465d576e0cfd2ee13b85d8c231a8861e3f5\"\u003e\u003ccode\u003ee433046\u003c/code\u003e\u003c/a\u003e Fix the crash when usage tracker is enabled with non-prediction output (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/12b2b998682955cfecfffdc402c452be149c10b0\"\u003e\u003ccode\u003e12b2b99\u003c/code\u003e\u003c/a\u003e Introduce gepa_kwargs for passing custom kwargs to gepa.optimize (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2e97da4dccdaca710faaa8ac9f6620e6cd6e7499\"\u003e\u003ccode\u003e2e97da4\u003c/code\u003e\u003c/a\u003e docs: Add comprehensive instruction_proposer documentation and examples for G...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/stanfordnlp/dspy/compare/2.5.6...3.0.4b1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e499\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(soft): resolve Windows deadlock and test race condition :pr:\u003ccode\u003e488\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.0 (2026-02-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(lock): add lifetime parameter for lock expiration (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/68\"\u003e#68\u003c/a\u003e) :pr:\u003ccode\u003e486\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(lock): add cancel_check to acquire (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/309\"\u003e#309\u003c/a\u003e) :pr:\u003ccode\u003e487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(api): detect same-thread self-deadlock :pr:\u003ccode\u003e481\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(mode): respect POSIX default ACLs (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/378\"\u003e#378\u003c/a\u003e) :pr:\u003ccode\u003e483\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): eliminate lock file race in threaded usage :pr:\u003ccode\u003e484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(lock): add poll_interval to constructor :pr:\u003ccode\u003e482\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(unix): auto-fallback to SoftFileLock on ENOSYS :pr:\u003ccode\u003e480\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `marshmallow` from 3.22.0 to 3.26.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst\"\u003emarshmallow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.26.2 (2025-12-19)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:cve:\u003ccode\u003e2025-68480\u003c/code\u003e: Merge error store messages without rebuilding collections.\nThanks 카푸치노 for reporting and :user:\u003ccode\u003edeckar01\u003c/code\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.1 (2025-02-03)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Fix type annotations for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:issue:\u003ccode\u003e2804\u003c/code\u003e).\nThanks :user:\u003ccode\u003elawrence-law\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOther changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove default value for the \u003ccode\u003edata\u003c/code\u003e param of \u003ccode\u003eNested._deserialize \u0026lt;marshmallow.fields.Nested._deserialize\u0026gt;\u003c/code\u003e (:issue:\u003ccode\u003e2802\u003c/code\u003e).\nThanks :user:\u003ccode\u003egbenson\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.0 (2025-01-22)\u003c/h2\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Add type annotations and improved documentation for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:pr:\u003ccode\u003e2760\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: Improve type coverage of \u003ccode\u003emarshmallow.Schema.SchemaMeta\u003c/code\u003e (:pr:\u003ccode\u003e2761\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: \u003ccode\u003emarshmallow.Schema.loads\u003c/code\u003e parameter allows \u003ccode\u003ebytes\u003c/code\u003e and \u003ccode\u003ebytesarray\u003c/code\u003e (:pr:\u003ccode\u003e2769\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRespect \u003ccode\u003edata_key\u003c/code\u003e when schema validators raise a \u003ccode\u003eValidationError \u0026lt;marshmallow.exceptions.ValidationError\u0026gt;\u003c/code\u003e\nwith a \u003ccode\u003efield_name\u003c/code\u003e argument (:issue:\u003ccode\u003e2170\u003c/code\u003e). Thanks :user:\u003ccode\u003ematejsp\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003eCorrectly handle multiple \u003ccode\u003e@post_load \u0026lt;marshmallow.post_load\u0026gt;\u003c/code\u003e methods where one method appends to\nthe data and another passes \u003ccode\u003epass_original=True\u003c/code\u003e (:issue:\u003ccode\u003e1755\u003c/code\u003e).\nThanks :user:\u003ccode\u003eghostwheel42\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eURL\u003c/code\u003e fields now properly validate \u003ccode\u003efile\u003c/code\u003e paths (:issue:\u003ccode\u003e2249\u003c/code\u003e).\nThanks :user:\u003ccode\u003e0xDEC0DE\u003c/code\u003e for reporting and fixing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd :doc:\u003ccode\u003eupgrading guides \u0026lt;upgrading\u0026gt;\u003c/code\u003e for 3.24 and 3.26 (:pr:\u003ccode\u003e2780\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eVarious documentation improvements (:pr:\u003ccode\u003e2757\u003c/code\u003e, :pr:\u003ccode\u003e2759\u003c/code\u003e, :pr:\u003ccode\u003e2765\u003c/code\u003e, :pr:\u003ccode\u003e2774\u003c/code\u003e, :pr:\u003ccode\u003e2778\u003c/code\u003e, :pr:\u003ccode\u003e2783\u003c/code\u003e, :pr:\u003ccode\u003e2796\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eordered\u003c/code\u003e \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e option is deprecated (:issue:\u003ccode\u003e2146\u003c/code\u003e, :pr:\u003ccode\u003e2762\u003c/code\u003e).\nField order is already preserved by default. Set \u003ccode\u003emarshmallow.Schema.dict_class\u003c/code\u003e to \u003ccode\u003ecollections.OrderedDict\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/1407d5102ae020421ddc8425474e976325a9539e\"\u003e\u003ccode\u003e1407d51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2878\"\u003e#2878\u003c/a\u003e from marshmallow-code/3.x-mypy-unreachable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b2292f513845ccbd134bd55501a9bcbcdd18f8ac\"\u003e\u003ccode\u003eb2292f5\u003c/code\u003e\u003c/a\u003e Fix mypy errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/8acd211847244fa28e0174728ff310fddf0d7fa2\"\u003e\u003ccode\u003e8acd211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2877\"\u003e#2877\u003c/a\u003e from marshmallow-code/3.x-delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b4bcb4a96f16a3b94c1b52ac82a66b57bbee1d88\"\u003e\u003ccode\u003eb4bcb4a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b78af7a0ea3102f8c2379bebe115a015e4018a62\"\u003e\u003ccode\u003eb78af7a\u003c/code\u003e\u003c/a\u003e Delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/2c4451e5129411da79161add51cfc76fe852549d\"\u003e\u003ccode\u003e2c4451e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/86d101a1aee2fe0a521c976015d1940437493cde\"\u003e\u003ccode\u003e86d101a\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af\"\u003e\u003ccode\u003e489a8d4\u003c/code\u003e\u003c/a\u003e Only deep copy error message collections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41\"\u003e\u003ccode\u003e6d4a17d\u003c/code\u003e\u003c/a\u003e Add test coverage for error message modification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9\"\u003e\u003ccode\u003e0356a3f\u003c/code\u003e\u003c/a\u003e Merge error store messages without rebuilding collections\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/marshmallow-code/marshmallow/compare/3.22.0...3.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"...\n\n_Description has been truncated_\n\n---\n## EntelligenceAI PR Summary \n Comprehensive dependency update in uv.lock with major version upgrades and package additions/removals.\n- Incremented lock file revision to 3\n- Added upload-time metadata to all package entries for source distributions and wheels\n- Upgraded major dependencies: authlib (1.3.1 → 1.6.7), deepdiff (8.0.1 → 8.6.1), fastapi (0.115.2 → 0.135.1), torch (2.4.1 → 2.8.0)\n- Added new packages: annotated-doc, cloudpickle, gepa, hf-xet\n- Removed packages: datasets, minijinja\n- Updated dependency markers and resolution markers for enhanced platform and Python version compatibility \n\n\n---\n\n## Confidence Score: 5/5 - Safe to Merge\n\n- No review comments were generated, indicating the PR passed automated checks without issues\n- Heuristic analysis shows zero critical, significant, high-risk, medium, or low severity issues\n- No existing unresolved comments that would block merging\n- The PR appears clean with no identified logic, security, or style concerns\n","html_url":"https://github.com/patrik-fredon/langflow/pull/99","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/99","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/99/packages"},{"uuid":"3990496884","node_id":"PR_kwDONUO8uM7GSCh_","number":96,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 22 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-25T16:37:50.000Z","updated_at":"2026-02-25T16:39:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":22,"packages":[{"name":"litellm","old_version":"1.49.0","new_version":"1.61.15","repository_url":"https://github.com/BerriAI/litellm"},{"name":"nltk","old_version":"3.9.1","new_version":"3.9.3","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.6","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.1","repository_url":"https://github.com/seperman/deepdiff"},{"name":"dspy","old_version":"2.5.6","new_version":"3.0.4b1","repository_url":"https://github.com/stanfordnlp/dspy"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"jinja2","old_version":"3.1.4","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"marshmallow","old_version":"3.22.0","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-jose","old_version":"3.3.0","new_version":"3.4.0","repository_url":"https://github.com/mpdavis/python-jose"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.3","new_version":"2.32.4","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.38.6","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.4.1","new_version":"2.8.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"transformers","old_version":"4.45.2","new_version":"4.53.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uv","old_version":"0.4.25","new_version":"0.9.6","repository_url":"https://github.com/astral-sh/uv"},{"name":"virtualenv","old_version":"20.26.6","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 22 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [litellm](https://github.com/BerriAI/litellm) | `1.49.0` | `1.61.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.3` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.6` |\n| [deepdiff](https://github.com/seperman/deepdiff) | `8.0.1` | `8.6.1` |\n| [dspy](https://github.com/stanfordnlp/dspy) | `2.5.6` | `3.0.4b1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.4` | `3.1.6` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.22.0` | `3.26.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |\n| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.4.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `0.49.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.4.1` | `2.8.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5` |\n| [transformers](https://github.com/huggingface/transformers) | `4.45.2` | `4.53.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |\n| [uv](https://github.com/astral-sh/uv) | `0.4.25` | `0.9.6` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.6` | `20.36.1` |\n\n\nUpdates `litellm` from 1.49.0 to 1.61.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BerriAI/litellm/releases\"\u003elitellm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elitellm-v1.81.14.pre-call-hook-fix.dev\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: show proxy url in ModelHub by \u003ca href=\"https://github.com/janfrederickk\"\u003e\u003ccode\u003e@​janfrederickk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21660\"\u003eBerriAI/litellm#21660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): correct modelInput format for Converse API batch models by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21656\"\u003eBerriAI/litellm#21656\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only tag selected deployment in access group creation by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21655\"\u003eBerriAI/litellm#21655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(proxy): add custom favicon support by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21653\"\u003eBerriAI/litellm#21653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): prevent double UUID in create_file S3 key by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21650\"\u003eBerriAI/litellm#21650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(semantic-cache): support configurable vector dimensions by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21649\"\u003eBerriAI/litellm#21649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(utils): normalize camelCase thinking param keys to snake_case by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21762\"\u003eBerriAI/litellm#21762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add optional digest mode for Slack alert types by \u003ca href=\"https://github.com/dkindlund\"\u003e\u003ccode\u003e@​dkindlund\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21683\"\u003eBerriAI/litellm#21683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Docs] store_model_in_db Release Docs by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21863\"\u003eBerriAI/litellm#21863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21871\"\u003eBerriAI/litellm#21871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(budget): fix timezone config lookup and replace hardcoded timezone map with ZoneInfo by \u003ca href=\"https://github.com/LeeJuOh\"\u003e\u003ccode\u003e@​LeeJuOh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21754\"\u003eBerriAI/litellm#21754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add missing return type annotations to iterator protocol methods in streaming_handler by \u003ca href=\"https://github.com/WhoisMonesh\"\u003e\u003ccode\u003e@​WhoisMonesh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21750\"\u003eBerriAI/litellm#21750\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd gollem Go agent framework cookbook example by \u003ca href=\"https://github.com/trevorprater\"\u003e\u003ccode\u003e@​trevorprater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21747\"\u003eBerriAI/litellm#21747\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid mutating caller-owned dicts in SpendUpdateQueue aggregation by \u003ca href=\"https://github.com/themavik\"\u003e\u003ccode\u003e@​themavik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21742\"\u003eBerriAI/litellm#21742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(vertex_ai): enable context-1m-2025-08-07 beta header by \u003ca href=\"https://github.com/edwiniac\"\u003e\u003ccode\u003e@​edwiniac\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21870\"\u003eBerriAI/litellm#21870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;fix(vertex_ai): enable context-1m-2025-08-07 beta header\u0026quot; by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21876\"\u003eBerriAI/litellm#21876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: enable context-1m-2025-08-07 beta header for vertex_ai provider by \u003ca href=\"https://github.com/stakeswky\"\u003e\u003ccode\u003e@​stakeswky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21867\"\u003eBerriAI/litellm#21867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Policy Versioning by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21862\"\u003eBerriAI/litellm#21862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add OpenClaw integration tutorial by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21605\"\u003eBerriAI/litellm#21605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm fix langfuse otel trace v2 by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21309\"\u003eBerriAI/litellm#21309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): encode model arns for OpenAI compatible bedrock imported models by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21701\"\u003eBerriAI/litellm#21701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(bedrock): support optional regional STS endpoint in role assumption by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21640\"\u003eBerriAI/litellm#21640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: ensure arrival_time is set before calculating queue time by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21918\"\u003eBerriAI/litellm#21918\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 22 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21924\"\u003eBerriAI/litellm#21924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 21 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21926\"\u003eBerriAI/litellm#21926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Noma guardrails v2 based on custom guardrails by \u003ca href=\"https://github.com/TomAlon\"\u003e\u003ccode\u003e@​TomAlon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21400\"\u003eBerriAI/litellm#21400\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 (\u003ca href=\"https://redirect.github.com/BerriAI/litellm/issues/21871\"\u003e#21871\u003c/a\u003e) by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21872\"\u003eBerriAI/litellm#21872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eState management fixes for CheckBatchCost by \u003ca href=\"https://github.com/ephrimstanley\"\u003e\u003ccode\u003e@​ephrimstanley\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21921\"\u003eBerriAI/litellm#21921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Anthropic model wildcard access issue by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21917\"\u003eBerriAI/litellm#21917\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 22 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21877\"\u003eBerriAI/litellm#21877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 21 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21786\"\u003eBerriAI/litellm#21786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix model cost map for anthropic fast and inference_geo by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21904\"\u003eBerriAI/litellm#21904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd  Priority PayGo cost tracking gemini/vertex ai by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21909\"\u003eBerriAI/litellm#21909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): fix StopIteration in prisma self-heal cooldown test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21938\"\u003eBerriAI/litellm#21938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): use absolute path for model_prices JSON validation test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21939\"\u003eBerriAI/litellm#21939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Google GenAI SDK tutorial (JS \u0026amp; Python) by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21885\"\u003eBerriAI/litellm#21885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ui): add pre-PR checklist to UI contributing guide by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21886\"\u003eBerriAI/litellm#21886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Litellm network mock by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21942\"\u003eBerriAI/litellm#21942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Monitor - measure guardrail reliability in prod  by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21944\"\u003eBerriAI/litellm#21944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): add INCOMPLETE to interactions status enum expected values by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21943\"\u003eBerriAI/litellm#21943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Singapore guardrail policies (PDPA + MAS AI Risk Management) by \u003ca href=\"https://github.com/ron-zhong\"\u003e\u003ccode\u003e@​ron-zhong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21948\"\u003eBerriAI/litellm#21948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OpenAI Agents SDK tutorial with LiteLLM Proxy to docs  by \u003ca href=\"https://github.com/Arindam200\"\u003e\u003ccode\u003e@​Arindam200\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21221\"\u003eBerriAI/litellm#21221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): make RPM limit test sequential to fix race condition by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21937\"\u003eBerriAI/litellm#21937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add performance \u0026amp; reliability section to v1.81.14 release notes by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21950\"\u003eBerriAI/litellm#21950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(videos): add variant parameter to video content download by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21955\"\u003eBerriAI/litellm#21955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert duplicate issue checker to text-based matching by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21961\"\u003eBerriAI/litellm#21961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] UI - Blog Dropdown in Navbar by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21859\"\u003eBerriAI/litellm#21859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(videos): pass api_key from litellm_params to video remix handlers by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21965\"\u003eBerriAI/litellm#21965\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/BerriAI/litellm/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.1 to 3.9.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed bug that prevented wordnet from loading\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 3.9 2024-08-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix security vulnerability CVE-2024-39705 (breaking change)\u003c/li\u003e\n\u003cli\u003eReplace pickled models (punkt, chunker, taggers) by new pickle-free \u0026quot;_tab\u0026quot; packages\u003c/li\u003e\n\u003cli\u003eNo longer sort Wordnet synsets and relations (sort in calling function when required)\u003c/li\u003e\n\u003cli\u003eOnly strip the last suffix in Wordnet Morphy, thus restricting synsets() results\u003c/li\u003e\n\u003cli\u003eAdd Python 3.12 support\u003c/li\u003e\n\u003cli\u003eMany other minor fixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.8.2:\nTom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins,\nEric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.\u003c/p\u003e\n\u003cp\u003eVersion 3.8.1 2023-01-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eResolve RCE vulnerability in localhost WordNet Browser (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3100\"\u003e#3100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4154eb85e832f266660a09286c7e37e308292284\"\u003e\u003ccode\u003e4154eb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3503\"\u003e#3503\u003c/a\u003e from ekaf/hotfix-3501\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7a710cbc8b914628252e9cf2518afe9ba9b13c80\"\u003e\u003ccode\u003e7a710cb\u003c/code\u003e\u003c/a\u003e Prepare release 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18\"\u003e\u003ccode\u003e1056b32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e from HyperPS/fix/secure-unzip-rce\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7dc5baa98f03b4c36300c408a7a66ffc8ea3934f\"\u003e\u003ccode\u003e7dc5baa\u003c/code\u003e\u003c/a\u003e Resolve merge conflict in tag mapping using normalized nltk resource URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7ef38b8aa6055ef3f82c7f8da490297cc12032b1\"\u003e\u003ccode\u003e7ef38b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e from HyperPS/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b2e1164bf89277f79b65406c829b99fb20ca1974\"\u003e\u003ccode\u003eb2e1164\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e from HyperPS/fix-filestring-sandbox-update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ac0ce55daa487401f8215a409cef50eae6a4ac98\"\u003e\u003ccode\u003eac0ce55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e from HyperPS/fix/filesystem-sandbox-security\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/603e34d25a2cad4612185ebfa6bc1c0dcfcfb2ab\"\u003e\u003ccode\u003e603e34d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e from HyperPS/fix/corpusreader-path-traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b63a5014aace4d22fe9a713473d2598d409eece4\"\u003e\u003ccode\u003eb63a501\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e from HyperPS/fix/stanford-segmenter-rce-sha256\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/df38955e506a9fcaa8aba006984a11babd87cec0\"\u003e\u003ccode\u003edf38955\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3494\"\u003e#3494\u003c/a\u003e from ekaf/ewnv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix response_mode=form_post with Starlette client by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/812\"\u003eauthlib/authlib#812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify README.md as project long description by \u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate tests to pytest paradigm by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/813\"\u003eauthlib/authlib#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ejose/jws: Reject unprotected ‘crit’ and enforce type; add tests by \u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse explicit *.test urls in unit tests by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/824\"\u003eauthlib/authlib#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd diff-cover check in GHA by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/803\"\u003eauthlib/authlib#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRun GHA unit tests with uv by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/805\"\u003eauthlib/authlib#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove from pre-commit to prek by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/804\"\u003eauthlib/authlib#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSign OIDC id_token  according to \u003ccode\u003eid_token_signed_response_alg\u003c/code\u003e client metadata by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/802\"\u003eauthlib/authlib#802\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/main/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 12, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter, :pr:\u003ccode\u003e844\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix incorrect signature when \u003ccode\u003eContent-Type\u003c/code\u003e is x-www-form-urlencoded for OAuth 1.0 Client, :pr:\u003ccode\u003e778\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eexpires_in\u003c/code\u003e in \u003ccode\u003eOAuth2Token\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable, :pr:\u003ccode\u003e842\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAlways track \u003ccode\u003estate\u003c/code\u003e in session for OAuth client integrations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Oct 2, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e take a \u003ccode\u003erequest\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eAdd size limitation when decode JWS/JWE to prevent DoS.\u003c/li\u003e\n\u003cli\u003eAdd size limitation for \u003ccode\u003eDEF\u003c/code\u003e JWE zip algorithm.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Sep 17, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e error raising. :issue:\u003ccode\u003e795\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eresponse_mode=form_post\u003c/code\u003e with Starlette client. :issue:\u003ccode\u003e793\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003ecrit\u003c/code\u003e header value, reject unprotected header in \u003ccode\u003ecrit\u003c/code\u003e header.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 26, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOIDC \u003ccode\u003eid_token\u003c/code\u003e are signed according to \u003ccode\u003eid_token_signed_response_alg\u003c/code\u003e\nclient metadata. :issue:\u003ccode\u003e755\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restore \u003ccode\u003eOAuth2Request\u003c/code\u003e \u003ccode\u003ebody\u003c/code\u003e parameter. :issue:\u003ccode\u003e781\u003c/code\u003e :pr:\u003ccode\u003e791\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e127.0.0.1\u003c/code\u003e in insecure transport mode. :pr:\u003ccode\u003e788\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRaise \u003ccode\u003eMissingCodeException\u003c/code\u003e when the \u003ccode\u003ecode\u003c/code\u003e parameter is missing. :issue:\u003ccode\u003e793\u003c/code\u003e :pr:\u003ccode\u003e794\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eid_token\u003c/code\u003e generation with \u003ccode\u003eEdDSA\u003c/code\u003e algs. :issue:\u003ccode\u003e799\u003c/code\u003e :pr:\u003ccode\u003e800\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Jul 20, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/bb7a315befbad333faf9a23ef574d6e3134a6774\"\u003e\u003ccode\u003ebb7a315\u003c/code\u003e\u003c/a\u003e chore: release 1.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0a423d4638bed1c0fe4597b2296a85c5bb59fba2\"\u003e\u003ccode\u003e0a423d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/844\"\u003e#844\u003c/a\u003e from azmeuk/806-get-jwt-config-client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489\"\u003e\u003ccode\u003e2808378\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/714502a4738bc29f26eb245b0c66718d8536cdda\"\u003e\u003ccode\u003e714502a\u003c/code\u003e\u003c/a\u003e feat: get_jwt_config takes a client parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/260d04edee23d8470057ea659c16fb8a2c7b0dc2\"\u003e\u003ccode\u003e260d04e\u003c/code\u003e\u003c/a\u003e Fix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/eb37124bbbec6ccbfba3699d8960f9710d330ad8\"\u003e\u003ccode\u003eeb37124\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/778\"\u003e#778\u003c/a\u003e from shc261392/fix-httpx-oauth1-form-data-incorrect-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0ba9ec4feeb8e19f572c454e2d1dbbdc1d30ae62\"\u003e\u003ccode\u003e0ba9ec4\u003c/code\u003e\u003c/a\u003e docs: fix guide on requests self signed certificate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a2e9943815bb5161863b1fa144ac0aaa50d97e91\"\u003e\u003ccode\u003ea2e9943\u003c/code\u003e\u003c/a\u003e docs: indicate that \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/743\"\u003e#743\u003c/a\u003e needs a migration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/06015d20652a23eff8350b6ad71b32fe41dae4ba\"\u003e\u003ccode\u003e06015d2\u003c/code\u003e\u003c/a\u003e test: factorize the token fixture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9ec42561cd1a81b518598d252f8adbcf446f7419\"\u003e\u003ccode\u003e9ec4256\u003c/code\u003e\u003c/a\u003e chore: release 1.6.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/seperman/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/388a60ecd1c033de3f2302ade67e386a8875b6be\"\u003e\u003ccode\u003e388a60e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/557\"\u003e#557\u003c/a\u003e from seperman/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/0978fb88240b0d3daaf327d26b7fbcf85360578c\"\u003e\u003ccode\u003e0978fb8\u003c/code\u003e\u003c/a\u003e adding docs for 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/d469a4c34c6b65cab25088b0d3963561b80acf9b\"\u003e\u003ccode\u003ed469a4c\u003c/code\u003e\u003c/a\u003e making type hints compatible with old python\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/e16507c15c9069e9011ba4e298a2ec031c68cd3f\"\u003e\u003ccode\u003ee16507c\u003c/code\u003e\u003c/a\u003e fixing type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/33de0874bbc356ae83e74157f105a516e4db3d7a\"\u003e\u003ccode\u003e33de087\u003c/code\u003e\u003c/a\u003e adding type hints to search\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/seperman/deepdiff/compare/8.0.1...8.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dspy` from 2.5.6 to 3.0.4b1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stanfordnlp/dspy/releases\"\u003edspy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.4b1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eGEPA + Other Optimizers\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GEPA usage tracking with tuple outputs by \u003ca href=\"https://github.com/smec-cgint\"\u003e\u003ccode\u003e@​smec-cgint\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8739\"\u003e#8739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd custom instruction_proposer support to GEPA with multimodal (dspy.Image) handling by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8737\"\u003e#8737\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance logging for valset usage in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8770\"\u003e#8770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] GEPA: Add custom component selection logic support by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8765\"\u003e#8765\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MLFLow \u0026lt;\u0026gt; GEPA support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8763\"\u003e#8763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate optimization overview with data split guidance by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8792\"\u003e#8792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add comprehensive instruction_proposer documentation and examples for GEPA by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8775\"\u003e#8775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce gepa_kwargs for passing custom kwargs to gepa.optimize by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate callback metadata during GEPA minibatch eval by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8835\"\u003e#8835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in GEPA warning by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8840\"\u003e#8840\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate gepa[dspy] dependency version to 0.0.17; Potential fix for load from state not working in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSIMBA Improvements by \u003ca href=\"https://github.com/klopsahlong\"\u003e\u003ccode\u003e@​klopsahlong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Type\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Anthropic Citation API support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8721\"\u003e#8721\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd api reference for citations and document by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8801\"\u003e#8801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow custom type to be streamed and use native response by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8778\"\u003e#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix example code for Citations by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImage \u0026amp; Multimodal Support\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate Image from_* helpers in favor of flexible constructor by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8771\"\u003e#8771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache Image.format for better throughput by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8842\"\u003e#8842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(dspy.Image): Adds a test with ReAct that has an Image tool by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes \u0026amp; Type Handling\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8703\"\u003e#8703\u003c/a\u003e - fixing module and feedback mismatch by \u003ca href=\"https://github.com/Lucas-Fernandes-Martins\"\u003e\u003ccode\u003e@​Lucas-Fernandes-Martins\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8777\"\u003e#8777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix value parsing and add tests by \u003ca href=\"https://github.com/chenmoneygithub\"\u003e\u003ccode\u003e@​chenmoneygithub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8774\"\u003e#8774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse doubly-encoded base type in json.parse by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8814\"\u003e#8814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unexpected parsing of Optional[str] fields when string has brackets or braces by \u003ca href=\"https://github.com/sontanon\"\u003e\u003ccode\u003e@​sontanon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8805\"\u003e#8805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse mcp.ClientSession for type hint by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8826\"\u003e#8826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for callpreprocess by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8827\"\u003e#8827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow DummyLM answers dict values to be of any type to work with a wider range of signatures by \u003ca href=\"https://github.com/BenMcH\"\u003e\u003ccode\u003e@​BenMcH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8803\"\u003e#8803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the crash when usage tracker is enabled with non-prediction output by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFallback to memory cache when disk is not available by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8718\"\u003e#8718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebug(lm): Avoid unnecessary cache key computation by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay metric=0 in eval table by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8817\"\u003e#8817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd save/load to Embeddings by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation \u0026amp; Tutorials\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinor document changes by \u003ca href=\"https://github.com/Navanit-git\"\u003e\u003ccode\u003e@​Navanit-git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8722\"\u003e#8722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc page to learn tool usage in DSPy by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8709\"\u003e#8709\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/b71a1182e993e38fac788c753502264d3df44756\"\u003e\u003ccode\u003eb71a118\u003c/code\u003e\u003c/a\u003e Use importorskip for PIL in ReAct test (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8870\"\u003e#8870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/c33718da61afa7e95fc2a870532d46aae1c95eca\"\u003e\u003ccode\u003ec33718d\u003c/code\u003e\u003c/a\u003e Fix example code for Citations (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/930632ab13ebb7590d60455c806b1fde70589908\"\u003e\u003ccode\u003e930632a\u003c/code\u003e\u003c/a\u003e bug(lm): Avoid unnecessary cache key computation (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2f9e9a01a181b4f6f864088be1c8ee984c95e404\"\u003e\u003ccode\u003e2f9e9a0\u003c/code\u003e\u003c/a\u003e Update gepa[dspy] dependency version to 0.0.17 (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/9542e566fdad99c3653321fddb50767871e8c376\"\u003e\u003ccode\u003e9542e56\u003c/code\u003e\u003c/a\u003e SIMBA Improvements (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/baa6f82b72020c499633b08833d63d2545316a41\"\u003e\u003ccode\u003ebaa6f82\u003c/code\u003e\u003c/a\u003e test(dspy.Image): Adds a test with ReAct that has an Image tool (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/92997073e07e68241677fd32efcc55a2daee30ea\"\u003e\u003ccode\u003e9299707\u003c/code\u003e\u003c/a\u003e Add save/load to Embeddings (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/e4330465d576e0cfd2ee13b85d8c231a8861e3f5\"\u003e\u003ccode\u003ee433046\u003c/code\u003e\u003c/a\u003e Fix the crash when usage tracker is enabled with non-prediction output (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/12b2b998682955cfecfffdc402c452be149c10b0\"\u003e\u003ccode\u003e12b2b99\u003c/code\u003e\u003c/a\u003e Introduce gepa_kwargs for passing custom kwargs to gepa.optimize (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2e97da4dccdaca710faaa8ac9f6620e6cd6e7499\"\u003e\u003ccode\u003e2e97da4\u003c/code\u003e\u003c/a\u003e docs: Add comprehensive instruction_proposer documentation and examples for G...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/stanfordnlp/dspy/compare/2.5.6...3.0.4b1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(soft): resolve Windows deadlock and test race condition :pr:\u003ccode\u003e488\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.0 (2026-02-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(lock): add lifetime parameter for lock expiration (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/68\"\u003e#68\u003c/a\u003e) :pr:\u003ccode\u003e486\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(lock): add cancel_check to acquire (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/309\"\u003e#309\u003c/a\u003e) :pr:\u003ccode\u003e487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(api): detect same-thread self-deadlock :pr:\u003ccode\u003e481\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(mode): respect POSIX default ACLs (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/378\"\u003e#378\u003c/a\u003e) :pr:\u003ccode\u003e483\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): eliminate lock file race in threaded usage :pr:\u003ccode\u003e484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(lock): add poll_interval to constructor :pr:\u003ccode\u003e482\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(unix): auto-fallback to SoftFileLock on ENOSYS :pr:\u003ccode\u003e480\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.23.0 (2026-02-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs: move from Unlicense to MIT :pr:\u003ccode\u003e479\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: add fasteners to similar libraries :pr:\u003ccode\u003e478\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.22.0 (2026-02-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(soft): skip stale detection on Windows :pr:\u003ccode\u003e477\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(soft): detect and break stale locks :pr:\u003ccode\u003e476\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.4 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}...\n\n_Description has been truncated_\n\n---\n## EntelligenceAI PR Summary \n Comprehensive Python dependency update upgrading lock file revision and major framework versions with significant dependency restructuring.\n- FastAPI upgraded to 0.133.0 with new type inspection dependencies\n- dspy upgraded to 3.0.4b1 with major dependency changes (removed datasets, added 8 new packages)\n- torch upgraded to 2.8.0 with additional NVIDIA CUDA support libraries\n- litellm upgraded to 1.72.6.post2, migrating from requests to httpx\n- authlib, deepdiff, and multiple HTTP libraries (h11, h2, hpack, httpcore, hyperframe, filelock) upgraded to latest versions\n- Added upload timestamps to package metadata for improved traceability \n\n\n---\n\n## Confidence Score: 5/5 - Safe to Merge\n\n- No review comments were generated, indicating the PR appears clean\n- Zero critical, significant, or high-risk issues detected by heuristic analysis\n- No existing unresolved comments that would block merging\n- All heuristic indicators point to a safe merge with maximum allowed score of 5/5\n","html_url":"https://github.com/patrik-fredon/langflow/pull/96","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/96","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/96/packages"},{"uuid":"3970741594","node_id":"PR_kwDOQ767ts7FR0pP","number":2,"state":"closed","title":"Bump the pip group across 16 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-21T00:03:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-20T23:08:13.000Z","updated_at":"2026-02-21T00:03:45.000Z","time_to_close":3330,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":9,"packages":[{"name":"flask","old_version":"3.1.0","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"requests","old_version":"2.32.3","new_version":"2.32.4","repository_url":"https://github.com/psf/requests"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 3 updates in the /sample-apps/django-mysql directory: [requests](https://github.com/psf/requests), [sqlparse](https://github.com/andialbrecht/sqlparse) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /sample-apps/django-mysql-gunicorn directory: [requests](https://github.com/psf/requests), [sqlparse](https://github.com/andialbrecht/sqlparse), [urllib3](https://github.com/urllib3/urllib3) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /sample-apps/django-postgres-gunicorn directory: [requests](https://github.com/psf/requests), [sqlparse](https://github.com/andialbrecht/sqlparse), [urllib3](https://github.com/urllib3/urllib3) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /sample-apps/fastapi-postgres-uvicorn directory: [requests](https://github.com/psf/requests), [h11](https://github.com/python-hyper/h11), [urllib3](https://github.com/urllib3/urllib3) and [starlette](https://github.com/Kludex/starlette).\nBumps the pip group with 4 updates in the /sample-apps/flask-clickhouse-uwsgi directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-mongo directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [werkzeug](https://github.com/pallets/werkzeug) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /sample-apps/flask-mssql directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-mysql directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-mysql-uwsgi directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-openai directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-postgres directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /sample-apps/flask-postgres-gevent directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-postgres-xml directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 6 updates in the /sample-apps/quart-mongo directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n\nBumps the pip group with 6 updates in the /sample-apps/quart-postgres-uvicorn directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n\nBumps the pip group with 3 updates in the /sample-apps/starlette-postgres-uvicorn directory: [requests](https://github.com/psf/requests), [h11](https://github.com/python-hyper/h11) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `requests` from 2.32.3 to 2.32.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6965\"\u003e#6965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS.\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd\"\u003e\u003ccode\u003e021dc72\u003c/code\u003e\u003c/a\u003e Polish up release tooling for last manual release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396\"\u003e\u003ccode\u003e821770e\u003c/code\u003e\u003c/a\u003e Bump version and add release notes for v2.32.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401\"\u003e\u003ccode\u003e59f8aa2\u003c/code\u003e\u003c/a\u003e Add netrc file search information to authentication documentation (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6876\"\u003e#6876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b\"\u003e\u003ccode\u003e5b4b64c\u003c/code\u003e\u003c/a\u003e Add more tests to prevent regression of CVE 2024 47081\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae\"\u003e\u003ccode\u003e7bc4587\u003c/code\u003e\u003c/a\u003e Add new test to check netrc auth leak (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6962\"\u003e#6962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef\"\u003e\u003ccode\u003e96ba401\u003c/code\u003e\u003c/a\u003e Only use hostname to do netrc lookup instead of netloc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2\"\u003e\u003ccode\u003e7341690\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psf/requests/issues/6951\"\u003e#6951\u003c/a\u003e from tswast/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0\"\u003e\u003ccode\u003e6716d7c\u003c/code\u003e\u003c/a\u003e remove links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae\"\u003e\u003ccode\u003ea7e1c74\u003c/code\u003e\u003c/a\u003e Update docs/conf.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f\"\u003e\u003ccode\u003ec799b81\u003c/code\u003e\u003c/a\u003e docs: fix dead links to kenreitz.org\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.32.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlparse` from 0.5.3 to 0.5.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG\"\u003esqlparse's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.5.4 (Nov 28, 2025)\u003c/h2\u003e\n\u003cp\u003eEnhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd type annotations to top-level API functions and include py.typed marker\nfor PEP 561 compliance, enabling type checking with mypy and other tools\n(issue756).\u003c/li\u003e\n\u003cli\u003eAdd pre-commit hook support. sqlparse can now be used as a pre-commit hook\nto automatically format SQL files. The CLI now supports multiple files and\nan \u003ccode\u003e--in-place\u003c/code\u003e flag for in-place editing (issue537).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eATTACH\u003c/code\u003e and \u003ccode\u003eDETACH\u003c/code\u003e to PostgreSQL keywords (pr808).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eINTERSECT\u003c/code\u003e to close keywords in WHERE clause (pr820).\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eREGEXP BINARY\u003c/code\u003e comparison operator (pr817).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug Fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd additional protection against denial of service attacks when parsing\nvery large lists of tuples. This enhances the existing recursion protections\nwith configurable limits for token processing to prevent DoS through\nalgorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,\nMAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)\nif needed for legitimate large SQL statements.\u003c/li\u003e\n\u003cli\u003eRemove shebang from cli.py and remove executable flag (pr818).\u003c/li\u003e\n\u003cli\u003eFix strip_comments not removing all comments when input contains only\ncomments (issue801, pr803 by stropysh).\u003c/li\u003e\n\u003cli\u003eFix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END\nblocks (issue812).\u003c/li\u003e\n\u003cli\u003eFix splitting on semicolons inside BEGIN...END blocks (issue809).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/14e300b165b14d1a7662a071c6481b503d367528\"\u003e\u003ccode\u003e14e300b\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/96a67e286963b2497b1b3f7a1378327af6661998\"\u003e\u003ccode\u003e96a67e2\u003c/code\u003e\u003c/a\u003e Code cleanup.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1a3bfbd50b82c05d9adcc51bacba059671dc1bc7\"\u003e\u003ccode\u003e1a3bfbd\u003c/code\u003e\u003c/a\u003e Fix handling of semicolons inside BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/809\"\u003e#809\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/e92a032c81d51a6645b4f8c32470481894818ba0\"\u003e\u003ccode\u003ee92a032\u003c/code\u003e\u003c/a\u003e Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/812\"\u003e#812\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/149bebf06c788e93a9b0dbee0e5abbc8e347b8e6\"\u003e\u003ccode\u003e149bebf\u003c/code\u003e\u003c/a\u003e Update Changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/561a67e740e9623cf81ef99f1a6cd94337e24282\"\u003e\u003ccode\u003e561a67e\u003c/code\u003e\u003c/a\u003e Update AUTHORS.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/73c8ba3ae88b608d39740c0776fb15064232258e\"\u003e\u003ccode\u003e73c8ba3\u003c/code\u003e\u003c/a\u003e bugfix ISSUE_801; Remove all comments when only comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1b323879f87207946e4782812e2e1254b1c0c659\"\u003e\u003ccode\u003e1b32387\u003c/code\u003e\u003c/a\u003e Update action to run on all prs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/31903e09db518ee3969110073427196ef9cd46c3\"\u003e\u003ccode\u003e31903e0\u003c/code\u003e\u003c/a\u003e Add pre-commit hook support (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/537\"\u003e#537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/13577264eb38b88e24825022fea4bd4351449e7c\"\u003e\u003ccode\u003e1357726\u003c/code\u003e\u003c/a\u003e docs: add AGENTS.md for project guidance and development commands\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/andialbrecht/sqlparse/compare/0.5.3...0.5.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.32.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6965\"\u003e#6965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS.\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd\"\u003e\u003ccode\u003e021dc72\u003c/code\u003e\u003c/a\u003e Polish up release tooling for last manual release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396\"\u003e\u003ccode\u003e821770e\u003c/code\u003e\u003c/a\u003e Bump version and add release notes for v2.32.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401\"\u003e\u003ccode\u003e59f8aa2\u003c/code\u003e\u003c/a\u003e Add netrc file search information to authentication documentation (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6876\"\u003e#6876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b\"\u003e\u003ccode\u003e5b4b64c\u003c/code\u003e\u003c/a\u003e Add more tests to prevent regression of CVE 2024 47081\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae\"\u003e\u003ccode\u003e7bc4587\u003c/code\u003e\u003c/a\u003e Add new test to check netrc auth leak (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6962\"\u003e#6962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef\"\u003e\u003ccode\u003e96ba401\u003c/code\u003e\u003c/a\u003e Only use hostname to do netrc lookup instead of netloc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2\"\u003e\u003ccode\u003e7341690\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psf/requests/issues/6951\"\u003e#6951\u003c/a\u003e from tswast/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0\"\u003e\u003ccode\u003e6716d7c\u003c/code\u003e\u003c/a\u003e remove links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae\"\u003e\u003ccode\u003ea7e1c74\u003c/code\u003e\u003c/a\u003e Update docs/conf.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f\"\u003e\u003ccode\u003ec799b81\u003c/code\u003e\u003c/a\u003e docs: fix dead links to kenreitz.org\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.32.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlparse` from 0.5.3 to 0.5.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG\"\u003esqlparse's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.5.4 (Nov 28, 2025)\u003c/h2\u003e\n\u003cp\u003eEnhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd type annotations to top-level API functions and include py.typed marker\nfor PEP 561 compliance, enabling type checking with mypy and other tools\n(issue756).\u003c/li\u003e\n\u003cli\u003eAdd pre-commit hook support. sqlparse can now be used as a pre-commit hook\nto automatically format SQL files. The CLI now supports multiple files and\nan \u003ccode\u003e--in-place\u003c/code\u003e flag for in-place editing (issue537).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eATTACH\u003c/code\u003e and \u003ccode\u003eDETACH\u003c/code\u003e to PostgreSQL keywords (pr808).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eINTERSECT\u003c/code\u003e to close keywords in WHERE clause (pr820).\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eREGEXP BINARY\u003c/code\u003e comparison operator (pr817).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug Fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd additional protection against denial of service attacks when parsing\nvery large lists of tuples. This enhances the existing recursion protections\nwith configurable limits for token processing to prevent DoS through\nalgorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,\nMAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)\nif needed for legitimate large SQL statements.\u003c/li\u003e\n\u003cli\u003eRemove shebang from cli.py and remove executable flag (pr818).\u003c/li\u003e\n\u003cli\u003eFix strip_comments not removing all comments when input contains only\ncomments (issue801, pr803 by stropysh).\u003c/li\u003e\n\u003cli\u003eFix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END\nblocks (issue812).\u003c/li\u003e\n\u003cli\u003eFix splitting on semicolons inside BEGIN...END blocks (issue809).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/14e300b165b14d1a7662a071c6481b503d367528\"\u003e\u003ccode\u003e14e300b\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/96a67e286963b2497b1b3f7a1378327af6661998\"\u003e\u003ccode\u003e96a67e2\u003c/code\u003e\u003c/a\u003e Code cleanup.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1a3bfbd50b82c05d9adcc51bacba059671dc1bc7\"\u003e\u003ccode\u003e1a3bfbd\u003c/code\u003e\u003c/a\u003e Fix handling of semicolons inside BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/809\"\u003e#809\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/e92a032c81d51a6645b4f8c32470481894818ba0\"\u003e\u003ccode\u003ee92a032\u003c/code\u003e\u003c/a\u003e Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/812\"\u003e#812\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/149bebf06c788e93a9b0dbee0e5abbc8e347b8e6\"\u003e\u003ccode\u003e149bebf\u003c/code\u003e\u003c/a\u003e Update Changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/561a67e740e9623cf81ef99f1a6cd94337e24282\"\u003e\u003ccode\u003e561a67e\u003c/code\u003e\u003c/a\u003e Update AUTHORS.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/73c8ba3ae88b608d39740c0776fb15064232258e\"\u003e\u003ccode\u003e73c8ba3\u003c/code\u003e\u003c/a\u003e bugfix ISSUE_801; Remove all comments when only comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1b323879f87207946e4782812e2e1254b1c0c659\"\u003e\u003ccode\u003e1b32387\u003c/code\u003e\u003c/a\u003e Update action to run on all prs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/31903e09db518ee3969110073427196ef9cd46c3\"\u003e\u003ccode\u003e31903e0\u003c/code\u003e\u003c/a\u003e Add pre-commit hook support (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/537\"\u003e#537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/13577264eb38b88e24825022fea4bd4351449e7c\"\u003e\u003ccode\u003e1357726\u003c/code\u003e\u003c/a\u003e docs: add AGENTS.md for project guidance and development commands\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/andialbrecht/sqlparse/compare/0.5.3...0.5.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.3 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.32.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6965\"\u003e#6965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS.\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd\"\u003e\u003ccode\u003e021dc72\u003c/code\u003e\u003c/a\u003e Polish up release tooling for last manual release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396\"\u003e\u003ccode\u003e821770e\u003c/code\u003e\u003c/a\u003e Bump version and add release notes for v2.32.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401\"\u003e\u003ccode\u003e59f8aa2\u003c/code\u003e\u003c/a\u003e Add netrc file search information to authentication documentation (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6876\"\u003e#6876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b\"\u003e\u003ccode\u003e5b4b64c\u003c/code\u003e\u003c/a\u003e Add more tests to prevent regression of CVE 2024 47081\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae\"\u003e\u003ccode\u003e7bc4587\u003c/code\u003e\u003c/a\u003e Add new test to check netrc auth leak (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6962\"\u003e#6962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef\"\u003e\u003ccode\u003e96ba401\u003c/code\u003e\u003c/a\u003e Only use hostname to do netrc lookup instead of netloc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2\"\u003e\u003ccode\u003e7341690\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psf/requests/issues/6951\"\u003e#6951\u003c/a\u003e from tswast/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0\"\u003e\u003ccode\u003e6716d7c\u003c/code\u003e\u003c/a\u003e remove links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae\"\u003e\u003ccode\u003ea7e1c74\u003c/code\u003e\u003c/a\u003e Update docs/conf.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f\"\u003e\u003ccode\u003ec799b81\u003c/code\u003e\u003c/a\u003e docs: fix dead links to kenreitz.org\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.32.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlparse` from 0.5.3 to 0.5.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG\"\u003esqlparse's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.5.4 (Nov 28, 2025)\u003c/h2\u003e\n\u003cp\u003eEnhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd type annotations to top-level API functions and include py.typed marker\nfor PEP 561 compliance, enabling type checking with mypy and other tools\n(issue756).\u003c/li\u003e\n\u003cli\u003eAdd pre-commit hook support. sqlparse can now be used as a pre-commit hook\nto automatically format SQL files. The CLI now supports multiple files and\nan \u003ccode\u003e--in-place\u003c/code\u003e flag for in-place editing (issue537).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eATTACH\u003c/code\u003e and \u003ccode\u003eDETACH\u003c/code\u003e to PostgreSQL keywords (pr808).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eINTERSECT\u003c/code\u003e to close keywords in WHERE clause (pr820).\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eREGEXP BINARY\u003c/code\u003e comparison operator (pr817).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug Fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd additional protection against denial of service attacks when parsing\nvery large lists of tuples. This enhances the existing recursion protections\nwith configurable limits for token processing to prevent DoS through\nalgorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,\nMAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)\nif needed for legitimate large SQL statements.\u003c/li\u003e\n\u003cli\u003eRemove shebang from cli.py and remove executable flag (pr818).\u003c/li\u003e\n\u003cli\u003eFix strip_comments not removing all comments when input contains only\ncomments (issue801, pr803 by stropysh).\u003c/li\u003e\n\u003cli\u003eFix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END\nblocks (issue812).\u003c/li\u003e\n\u003cli\u003eFix splitting on semicolons inside BEGIN...END blocks (issue809).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/14e300b165b14d1a7662a071c6481b503d367528\"\u003e\u003ccode\u003e14e300b\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/96a67e286963b2497b1b3f7a1378327af6661998\"\u003e\u003ccode\u003e96a67e2\u003c/code\u003e\u003c/a\u003e Code cleanup.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1a3bfbd50b82c05d9adcc51bacba059671dc1bc7\"\u003e\u003ccode\u003e1a3bfbd\u003c/code\u003e\u003c/a\u003e Fix handling of semicolons inside BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/809\"\u003e#809\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/e92a032c81d51a6645b4f8c32470481894818ba0\"\u003e\u003ccode\u003ee92a032\u003c/code\u003e\u003c/a\u003e Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/812\"\u003e#812\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/149bebf06c788e93a9b0dbee0e5abbc8e347b8e6\"\u003e\u003ccode\u003e149bebf\u003c/code\u003e\u003c/a\u003e Update Changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/561a67e740e9623cf81ef99f1a6cd94337e24282\"\u003e\u003ccode\u003e561a67e\u003c/code\u003e\u003c/a\u003e Update AUTHORS.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/73c8ba3ae88b608d39740c0776fb15064232258e\"\u003e\u003ccode\u003e73c8ba3\u003c/code\u003e\u003c/a\u003e bugfix ISSUE_801; Remove all comments when only comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1b323879f87207946e4782812e2e1254b1c0c659\"\u003e\u003ccode\u003e1b32387\u003c/code\u003e\u003c/a\u003e Update action to run on all prs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/31903e09db518ee3969110073427196ef9cd46c3\"\u003e\u003ccode\u003e31903e0\u003c/code\u003e\u003c/a\u003e Add pre-commit hook support (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/537\"\u003e#537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/13577264eb38b88e24825022fea4bd4351449e7c\"\u003e\u003ccode\u003e1357726\u003c/code\u003e\u003c/a\u003e docs: add AGENTS.md for project guidance and development commands\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/andialbrecht/sqlparse/compare/0.5.3...0.5.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 i...\n\n_Description has been truncated_","html_url":"https://github.com/saimonmize-afk/firewall-python/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/saimonmize-afk%2Ffirewall-python/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"3942371124","node_id":"PR_kwDORJXmGM7D06sO","number":124,"state":"open","title":"Bump h2 from 4.1.0 to 4.3.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-14T21:21:50.000Z","updated_at":"2026-02-14T21:21:51.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.1.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=pip\u0026previous-version=4.1.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/masonj0/favplc/pull/124","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/masonj0%2Ffavplc/issues/124","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/124/packages"},{"uuid":"3926224208","node_id":"PR_kwDOGfceZM7C_NDj","number":4591,"state":"closed","title":"chore(deps): bump h2 from 4.2.0 to 4.3.0","user":"dependabot[bot]","labels":["Dependencies","Triage Required :hospital:","pr/external","pr/internal","size: small","area/dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-12T07:27:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-11T12:14:05.000Z","updated_at":"2026-02-12T07:28:38.000Z","time_to_close":69213,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.2.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=uv\u0026previous-version=4.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/litestar-org/litestar/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/litestar-org/litestar/pull/4591","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/litestar-org%2Flitestar/issues/4591","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4591/packages"},{"uuid":"3902366190","node_id":"PR_kwDOPK4oDM7BxNWw","number":43,"state":"open","title":"build(deps): bump the uv group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-05T16:10:02.000Z","updated_at":"2026-02-05T16:11:10.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":7,"packages":[{"name":"urllib3","old_version":"2.5.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"azure-core","old_version":"1.35.0","new_version":"1.38.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"cbor2","old_version":"5.6.5","new_version":"5.8.0","repository_url":"https://github.com/agronholm/cbor2"},{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"orjson","old_version":"3.10.18","new_version":"3.11.5","repository_url":"https://github.com/ijl/orjson"},{"name":"protobuf","old_version":"6.31.1","new_version":"6.33.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/pyasn1/pyasn1"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.35.0` | `1.38.0` |\n| [cbor2](https://github.com/agronholm/cbor2) | `5.6.5` | `5.8.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.2.0` | `4.3.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.18` | `3.11.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.31.1` | `6.33.5` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |\n\n\nUpdates `urllib3` from 2.5.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `azure-core` from 1.35.0 to 1.38.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/releases\"\u003eazure-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eazure-core_1.38.0\u003c/h2\u003e\n\u003ch2\u003e1.38.0 (2026-01-12)\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eChanged the continuation token format. Continuation tokens generated by previous versions of azure-core are not compatible with this version.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eazure-core_1.37.0\u003c/h2\u003e\n\u003ch2\u003e1.37.0 (2025-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eget_backcompat_attr_name\u003c/code\u003e to \u003ccode\u003eazure.core.serialization\u003c/code\u003e. \u003ccode\u003eget_backcompat_attr_name\u003c/code\u003e gets the backcompat name of an attribute using backcompat attribute access.  \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44084\"\u003e#44084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6d2e6431ea0991861640e449e51e894247a7771a\"\u003e\u003ccode\u003e6d2e643\u003c/code\u003e\u003c/a\u003e update release date (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44609\"\u003e#44609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/ca2b965d8cce6eaa135fe01804b96164b56b7f16\"\u003e\u003ccode\u003eca2b965\u003c/code\u003e\u003c/a\u003e [Core] Prep release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44590\"\u003e#44590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fb8cbea1b9d85135f7ba99bfc6cbc2f3cee138ff\"\u003e\u003ccode\u003efb8cbea\u003c/code\u003e\u003c/a\u003e Introduce new version of continuation token (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44574\"\u003e#44574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6578a78f6a7429bbe73e27ebe904d7f362d7efa2\"\u003e\u003ccode\u003e6578a78\u003c/code\u003e\u003c/a\u003e [Core] Increment version for core release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44398\"\u003e#44398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/a69a3c26f3a3ed0c9e5a888d991ad447754ad00b\"\u003e\u003ccode\u003ea69a3c2\u003c/code\u003e\u003c/a\u003e add example to demo how to use truststore (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44343\"\u003e#44343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/5ade1087ec6a425d7639eefcff206ceffdf3d48f\"\u003e\u003ccode\u003e5ade108\u003c/code\u003e\u003c/a\u003e Bumping the targeted \u003ccode\u003ehttpx\u003c/code\u003e for \u003ccode\u003eazure-core-experimental\u003c/code\u003e dev reqs (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44328\"\u003e#44328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/cbb1db62711eae72aca1b2bbeedcbd7e02d21109\"\u003e\u003ccode\u003ecbb1db6\u003c/code\u003e\u003c/a\u003e [core] add tests and fix backcompat functions (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44084\"\u003e#44084\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/4adcc524b09e09e4916f1280a32f9802cc798788\"\u003e\u003ccode\u003e4adcc52\u003c/code\u003e\u003c/a\u003e [Core] Support timeout error in requests+aiohttp transports (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43201\"\u003e#43201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fd709673eacbebc1107d998f217a131fa3394326\"\u003e\u003ccode\u003efd70967\u003c/code\u003e\u003c/a\u003e [Core] Increment version for core release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43435\"\u003e#43435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/b52527cdfdeff6b6aab4b93a87d4402b1403ce89\"\u003e\u003ccode\u003eb52527c\u003c/code\u003e\u003c/a\u003e [Core] Update TypeHandlerRegistry typing (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43393\"\u003e#43393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-core_1.35.0...azure-core_1.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cbor2` from 5.6.5 to 5.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/cbor2/releases\"\u003ecbor2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/267\"\u003e#267\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReset shared reference state at the start of each top-level encode/decode operation (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/266\"\u003e#266\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved performance on decoding large definite bytestrings (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003e#240\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003eagronholm/cbor2#240\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/dwpaley\"\u003e\u003ccode\u003e@​dwpaley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a read(-1) vulnerability caused by boundary handling error (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003e#264\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003eagronholm/cbor2#264\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/tylzh97\"\u003e\u003ccode\u003e@​tylzh97\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14 (no free-threading support yet, sorry)\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/247\"\u003e#247\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/247\"\u003eagronholm/cbor2#247\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for encoding indefinite containers (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/256\"\u003e#256\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/256\"\u003eagronholm/cbor2#256\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/CZDanol\"\u003e\u003ccode\u003e@​CZDanol\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded complex number support (tag 43000) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/249\"\u003e#249\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/249\"\u003eagronholm/cbor2#249\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/chillenb\"\u003e\u003ccode\u003e@​chillenb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c77cea8e0d77aebdb6eea051433352a1de824ff1\"\u003e\u003ccode\u003ec77cea8\u003c/code\u003e\u003c/a\u003e Removed macos-13 from the OS matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/2320d95d93dbd1da5926a90351ccbfa78dfb70bc\"\u003e\u003ccode\u003e2320d95\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/9ff48e3ce4ec3f0f2db8752558756b9e95dbc3d0\"\u003e\u003ccode\u003e9ff48e3\u003c/code\u003e\u003c/a\u003e Updated pre-commit modules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/22acea4740f244e2d2f500a62501be08fb9506b1\"\u003e\u003ccode\u003e22acea4\u003c/code\u003e\u003c/a\u003e Updated the version history entry for \u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c368bb394e8c8dd73669fdfa4cba633728ca20ae\"\u003e\u003ccode\u003ec368bb3\u003c/code\u003e\u003c/a\u003e Fixed the links and the semver declaration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824\"\u003e\u003ccode\u003efb4ee16\u003c/code\u003e\u003c/a\u003e Added a read-ahead buffer to the C decoder (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/0bcf400a4575edce046ecdd2f9ab73ee606d8863\"\u003e\u003ccode\u003e0bcf400\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 5 updates (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/269\"\u003e#269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/7aa6cad1840176affdbee97568cabfb2ef9ff566\"\u003e\u003ccode\u003e7aa6cad\u003c/code\u003e\u003c/a\u003e Added dependabot config for GitHub actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/6409f6aa994969333fd69c2688996d3e7aad9fc3\"\u003e\u003ccode\u003e6409f6a\u003c/code\u003e\u003c/a\u003e Added a security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/403c2ce3d61ce5ddc2d2143127baf31b7ab4a75c\"\u003e\u003ccode\u003e403c2ce\u003c/code\u003e\u003c/a\u003e Fixed nested shareable in arrays (python decoder only) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/cbor2/compare/5.6.5...5.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.2.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `orjson` from 3.10.18 to 3.11.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.5\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PyPI project metadata when using maturin 1.9.2 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix build using Rust 1.89 on amd64.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.85 or later instead of 1.82.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePublish PyPI wheels for CPython 3.14.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003estr\u003c/code\u003e on big-endian architectures.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.0\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse a deserialization buffer allocated per request instead of a shared buffer allocated on import.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.14 beta 4.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.5 - 2025-12-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4 - 2025-10-24\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PyPI project metadata when using maturin 1.9.2 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.2 - 2025-08-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix build using Rust 1.89 on amd64.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.85 or later instead of 1.82.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.1 - 2025-07-25\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePublish PyPI wheels for CPython 3.14.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003estr\u003c/code\u003e on big-endian architectures. This was introduced in 3.11.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.0 - 2025-07-15\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/fb3eb1f729c7e7b019f780af5695722c99c7c695\"\u003e\u003ccode\u003efb3eb1f\u003c/code\u003e\u003c/a\u003e 3.11.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/52688e02c51c845cde24a46cd1011a6010d10eb8\"\u003e\u003ccode\u003e52688e0\u003c/code\u003e\u003c/a\u003e Record contributors in headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/dc083e87d5262e7dde3ba4b1d2a377b5b065a27c\"\u003e\u003ccode\u003edc083e8\u003c/code\u003e\u003c/a\u003e Further compatibility and build misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/18f0186d47fbadd53c9db4e39a442d5b04225418\"\u003e\u003ccode\u003e18f0186\u003c/code\u003e\u003c/a\u003e Compatibility and build misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/a4fdeb3aff125d501ec0dd0577f9b38b2b977b4f\"\u003e\u003ccode\u003ea4fdeb3\u003c/code\u003e\u003c/a\u003e 3.11.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/2e80d68afacafca8751e6a64ca05d0d4087dbd15\"\u003e\u003ccode\u003e2e80d68\u003c/code\u003e\u003c/a\u003e unlikely to cold_path, remove intrinsics\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/27edea92f8da2fdfc3f1342474e2f1686f1edf55\"\u003e\u003ccode\u003e27edea9\u003c/code\u003e\u003c/a\u003e FFI through crate::ffi, partial non-CPython compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/416a8c9578da780d0d58b5e6b751793deafc610d\"\u003e\u003ccode\u003e416a8c9\u003c/code\u003e\u003c/a\u003e Unconditionally build yyjson\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/c8c1a17dca8436a2fee05ca060febd096e653d98\"\u003e\u003ccode\u003ec8c1a17\u003c/code\u003e\u003c/a\u003e edition 2024\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/af4179a1fa0aafffd0f867203b6c36e9a522f165\"\u003e\u003ccode\u003eaf4179a\u003c/code\u003e\u003c/a\u003e build maintenance, panic_immediate_abort break, test 3.15\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ijl/orjson/compare/3.10.18...3.11.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 6.31.1 to 6.33.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/f1ed02e41c193a66741572185bab94d34f43daec\"\u003e\u003ccode\u003ef1ed02e\u003c/code\u003e\u003c/a\u003e Package pyasn1 with pyproject.toml (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/93c4d4f0b6af84c13517b5700104ac57fb6d3fe5\"\u003e\u003ccode\u003e93c4d4f\u003c/code\u003e\u003c/a\u003e Switch documentation user to pyasn1 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/89\"\u003e#89\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/authentik/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n🔧 This PR updates 7 Python dependencies in the uv group, including critical security fixes for urllib3 and pyasn1, along with feature updates and performance improvements across multiple packages.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Updates**: urllib3 updated from 2.5.0 to 2.6.3 with fixes for decompression bomb vulnerabilities (CVE-2026-21441, CVE-2025-66471, CVE-2025-66418)\n- **ASN.1 Security**: pyasn1 updated from 0.6.1 to 0.6.2 with fix for OID/RELATIVE-OID decoder vulnerability (CVE-2026-23490)\n- **Azure SDK**: azure-core updated from 1.35.0 to 1.38.0 with breaking changes to continuation token format\n- **Performance Improvements**: cbor2 updated from 5.6.5 to 5.8.0 with 20-140% performance gains through readahead buffering\n- **Protocol Updates**: h2 updated from 4.2.0 to 4.3.0 with stricter header validation and dataclass conversion\n- **JSON Processing**: orjson updated from 3.10.18 to 3.11.5 with Python 3.14/3.15 compatibility\n- **Protocol Buffers**: protobuf updated from 6.31.1 to 6.33.5 with extensive breaking changes and new features\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 7 Package Updates]\n    B --\u003e C[Security Fixes]\n    B --\u003e D[Feature Updates]\n    B --\u003e E[Performance Improvements]\n    \n    C --\u003e F[urllib3: Decompression Bomb Fixes]\n    C --\u003e G[pyasn1: OID Decoder Fix]\n    \n    D --\u003e H[azure-core: New Continuation Token Format]\n    D --\u003e I[h2: Stricter Header Validation]\n    D --\u003e J[protobuf: Breaking API Changes]\n    \n    E --\u003e K[cbor2: Readahead Buffering]\n    E --\u003e L[orjson: Per-request Buffer Allocation]\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple high-severity vulnerabilities in HTTP processing and ASN.1 parsing\n- **Performance Boost**: Significant improvements in CBOR decoding (20-140%) and JSON processing efficiency\n- **Compatibility**: Adds support for Python 3.14/3.15 while maintaining backward compatibility for most packages\n- **Breaking Changes**: azure-core continuation tokens and protobuf APIs require attention during deployment\n- **Reliability**: Improved error handling and stricter validation across HTTP/2 and protocol buffer processing\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/authentik/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fauthentik/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"},{"uuid":"3863248355","node_id":"PR_kwDOOtp8w86_vjXW","number":173,"state":"open","title":"chore(deps): bump h2 from 4.2.0 to 4.3.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-28T02:30:02.000Z","updated_at":"2026-01-28T02:32:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.2.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=uv\u0026previous-version=4.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/andyngdz/exogen_backend/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/andyngdz/exogen_backend/pull/173","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/andyngdz%2Fexogen_backend/issues/173","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/173/packages"},{"uuid":"3844457584","node_id":"PR_kwDOPeaMis6-xusa","number":15,"state":"open","title":"chore(deps): bump the pip group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-22T19:38:40.000Z","updated_at":"2026-01-22T19:38:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":8,"packages":[{"name":"filelock","old_version":"3.18.0","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"cbor2","old_version":"5.6.5","new_version":"5.8.0","repository_url":"https://github.com/agronholm/cbor2"},{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"wheel","old_version":"0.45.1","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"},{"name":"pip","old_version":"25.0.1","new_version":"25.3","repository_url":"https://github.com/pypa/pip"},{"name":"starlette","old_version":"0.47.2","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 8 updates in the /requirements directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.18.0` | `3.20.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |\n| [cbor2](https://github.com/agronholm/cbor2) | `5.6.5` | `5.8.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.2.0` | `4.3.0` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `25.3` |\n| [starlette](https://github.com/Kludex/starlette) | `0.47.2` | `0.49.1` |\n\n\nUpdates `filelock` from 3.18.0 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.18.0...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cbor2` from 5.6.5 to 5.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/cbor2/releases\"\u003ecbor2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/267\"\u003e#267\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReset shared reference state at the start of each top-level encode/decode operation (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/266\"\u003e#266\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved performance on decoding large definite bytestrings (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003e#240\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003eagronholm/cbor2#240\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/dwpaley\"\u003e\u003ccode\u003e@​dwpaley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a read(-1) vulnerability caused by boundary handling error (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003e#264\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003eagronholm/cbor2#264\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/tylzh97\"\u003e\u003ccode\u003e@​tylzh97\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14 (no free-threading support yet, sorry)\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/247\"\u003e#247\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/247\"\u003eagronholm/cbor2#247\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for encoding indefinite containers (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/256\"\u003e#256\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/256\"\u003eagronholm/cbor2#256\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/CZDanol\"\u003e\u003ccode\u003e@​CZDanol\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded complex number support (tag 43000) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/249\"\u003e#249\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/249\"\u003eagronholm/cbor2#249\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/chillenb\"\u003e\u003ccode\u003e@​chillenb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c77cea8e0d77aebdb6eea051433352a1de824ff1\"\u003e\u003ccode\u003ec77cea8\u003c/code\u003e\u003c/a\u003e Removed macos-13 from the OS matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/2320d95d93dbd1da5926a90351ccbfa78dfb70bc\"\u003e\u003ccode\u003e2320d95\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/9ff48e3ce4ec3f0f2db8752558756b9e95dbc3d0\"\u003e\u003ccode\u003e9ff48e3\u003c/code\u003e\u003c/a\u003e Updated pre-commit modules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/22acea4740f244e2d2f500a62501be08fb9506b1\"\u003e\u003ccode\u003e22acea4\u003c/code\u003e\u003c/a\u003e Updated the version history entry for \u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c368bb394e8c8dd73669fdfa4cba633728ca20ae\"\u003e\u003ccode\u003ec368bb3\u003c/code\u003e\u003c/a\u003e Fixed the links and the semver declaration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824\"\u003e\u003ccode\u003efb4ee16\u003c/code\u003e\u003c/a\u003e Added a read-ahead buffer to the C decoder (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/0bcf400a4575edce046ecdd2f9ab73ee606d8863\"\u003e\u003ccode\u003e0bcf400\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 5 updates (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/269\"\u003e#269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/7aa6cad1840176affdbee97568cabfb2ef9ff566\"\u003e\u003ccode\u003e7aa6cad\u003c/code\u003e\u003c/a\u003e Added dependabot config for GitHub actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/6409f6aa994969333fd69c2688996d3e7aad9fc3\"\u003e\u003ccode\u003e6409f6a\u003c/code\u003e\u003c/a\u003e Added a security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/403c2ce3d61ce5ddc2d2143127baf31b7ab4a75c\"\u003e\u003ccode\u003e403c2ce\u003c/code\u003e\u003c/a\u003e Fixed nested shareable in arrays (python decoder only) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/cbor2/compare/5.6.5...5.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.2.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/f1ed02e41c193a66741572185bab94d34f43daec\"\u003e\u003ccode\u003ef1ed02e\u003c/code\u003e\u003c/a\u003e Package pyasn1 with pyproject.toml (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/93c4d4f0b6af84c13517b5700104ac57fb6d3fe5\"\u003e\u003ccode\u003e93c4d4f\u003c/code\u003e\u003c/a\u003e Switch documentation user to pyasn1 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/89\"\u003e#89\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.45.1 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point. The \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to \u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's imported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description field\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description\nfield\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.1 (2024-11-23)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in\nthe file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.0 (2024-11-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRefactored the \u003ccode\u003econvert\u003c/code\u003e command to not need setuptools to be installed\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't configure setuptools logging unless running \u003ccode\u003ebdist_wheel\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded a redirection from \u003ccode\u003ewheel.bdist_wheel.bdist_wheel\u003c/code\u003e to\n\u003ccode\u003esetuptools.command.bdist_wheel.bdist_wheel\u003c/code\u003e to improve compatibility with\n\u003ccode\u003esetuptools\u003c/code\u003e' latest fixes.\u003c/p\u003e\n\u003cp\u003eProjects are still advised to migrate away from the deprecated  module and import\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b\"\u003e\u003ccode\u003eeba4036\u003c/code\u003e\u003c/a\u003e Updated the version number for v0.46.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf\"\u003e\u003ccode\u003e557fb54\u003c/code\u003e\u003c/a\u003e Created a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef\"\u003e\u003ccode\u003e7a7d2de\u003c/code\u003e\u003c/a\u003e Fixed security issue around wheel unpack (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66\"\u003e\u003ccode\u003e41418fa\u003c/code\u003e\u003c/a\u003e Fixed test failures due to metadata normalization changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14\"\u003e\u003ccode\u003ec1d442b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d\"\u003e\u003ccode\u003e0bac882\u003c/code\u003e\u003c/a\u003e Update github actions environments (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63\"\u003e\u003ccode\u003ebe9f45b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3\"\u003e\u003ccode\u003e6244f08\u003c/code\u003e\u003c/a\u003e Update pre-commit ruff legacy alias (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f\"\u003e\u003ccode\u003e15b7577\u003c/code\u003e\u003c/a\u003e PEP 639 compliance (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f\"\u003e\u003ccode\u003efc8cb41\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Removed redundant Python version from the publish workflow (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/666\"\u003e#666\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/wheel/compare/0.45.1...0.46.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 25.0.1 to 25.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e25.3 (2025-10-24)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRemove support for the legacy \u003ccode\u003esetup.py develop\u003c/code\u003e editable method in setuptools\neditable installs; setuptools \u0026gt;= 64 is now required. (\u003ccode\u003e[#11457](https://github.com/pypa/pip/issues/11457) \u0026lt;https://github.com/pypa/pip/issues/11457\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove the deprecated \u003ccode\u003e--global-option\u003c/code\u003e and \u003ccode\u003e--build-option\u003c/code\u003e.\n\u003ccode\u003e--config-setting\u003c/code\u003e is now the only way to pass options to the build backend. (\u003ccode\u003e[#11859](https://github.com/pypa/pip/issues/11859) \u0026lt;https://github.com/pypa/pip/issues/11859\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate the \u003ccode\u003ePIP_CONSTRAINT\u003c/code\u003e environment variable for specifying build\nconstraints.\u003c/p\u003e\n\u003cp\u003eUse the \u003ccode\u003e--build-constraint\u003c/code\u003e option or the \u003ccode\u003ePIP_BUILD_CONSTRAINT\u003c/code\u003e environment variable\ninstead. When build constraints are used, \u003ccode\u003ePIP_CONSTRAINT\u003c/code\u003e no longer affects isolated build\nenvironments. To enable this behavior without specifying any build constraints, use\n\u003ccode\u003e--use-feature=build-constraint\u003c/code\u003e. (\u003ccode\u003e[#13534](https://github.com/pypa/pip/issues/13534) \u0026lt;https://github.com/pypa/pip/issues/13534\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove support for non-standard legacy wheel filenames. (\u003ccode\u003e[#13581](https://github.com/pypa/pip/issues/13581) \u0026lt;https://github.com/pypa/pip/issues/13581\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove support for the deprecated \u003ccode\u003esetup.py bdist_wheel\u003c/code\u003e mechanism. Consequently,\n\u003ccode\u003e--use-pep517\u003c/code\u003e is now always on, and \u003ccode\u003e--no-use-pep517\u003c/code\u003e has been removed. (\u003ccode\u003e[#6334](https://github.com/pypa/pip/issues/6334) \u0026lt;https://github.com/pypa/pip/issues/6334\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen :pep:\u003ccode\u003e658\u003c/code\u003e metadata is available, full distribution files are no longer downloaded when using \u003ccode\u003epip lock\u003c/code\u003e or \u003ccode\u003epip install --dry-run\u003c/code\u003e. (\u003ccode\u003e[#12603](https://github.com/pypa/pip/issues/12603) \u0026lt;https://github.com/pypa/pip/issues/12603\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAdd support for installing an editable requirement written as a Direct URL (\u003ccode\u003ePackageName @ URL\u003c/code\u003e). (\u003ccode\u003e[#13495](https://github.com/pypa/pip/issues/13495) \u0026lt;https://github.com/pypa/pip/issues/13495\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAdd support for build constraints via the \u003ccode\u003e--build-constraint\u003c/code\u003e option. This\nallows constraining the versions of packages used during the build process\n(e.g., setuptools) without affecting the final installation. (\u003ccode\u003e[#13534](https://github.com/pypa/pip/issues/13534) \u0026lt;https://github.com/pypa/pip/issues/13534\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eOn \u003ccode\u003eResolutionImpossible\u003c/code\u003e errors, include a note about causes with no candidates. (\u003ccode\u003e[#13588](https://github.com/pypa/pip/issues/13588) \u0026lt;https://github.com/pypa/pip/issues/13588\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eBuilding pip itself from source now uses flit-core instead of setuptools.\nThis does not affect how pip installs or builds packages you use. (\u003ccode\u003e[#13473](https://github.com/pypa/pip/issues/13473) \u0026lt;https://github.com/pypa/pip/issues/13473\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed \u003ccode\u003eVersion\u003c/code\u003e metadata entries and\nshow a sensible error message instead of crashing. (\u003ccode\u003e[#13443](https://github.com/pypa/pip/issues/13443) \u0026lt;https://github.com/pypa/pip/issues/13443\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePermit spaces between a filepath and extras in an install requirement. (\u003ccode\u003e[#13523](https://github.com/pypa/pip/issues/13523) \u0026lt;https://github.com/pypa/pip/issues/13523\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEnsure the self-check files in the cache have the same permissions as the rest of the cache. (\u003ccode\u003e[#13528](https://github.com/pypa/pip/issues/13528) \u0026lt;https://github.com/pypa/pip/issues/13528\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAvoid concurrency issues and improve performance when caching locally built wheels,\nespecially when the temporary build directory is on a different filesystem than the cache.\nThe wheel directory passed to the build backend is now a temporary subdirectory inside\nthe cache directory. (\u003ccode\u003e[#13540](https://github.com/pypa/pip/issues/13540) \u0026lt;https://github.com/pypa/pip/issues/13540\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eInclude relevant user-supplied constraints in logs when reporting dependency conflicts. (\u003ccode\u003e[#13545](https://github.com/pypa/pip/issues/13545) \u0026lt;https://github.com/pypa/pip/issues/13545\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a regression in configuration parsing that was turning a single value\ninto a list and thus leading to a validation error. (\u003ccode\u003e[#13548](https://github.com/pypa/pip/issues/13548) \u0026lt;https://github.com/pypa/pip/issues/13548\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFor Python versions that do not support :pep:\u003ccode\u003e706\u003c/code\u003e, pip will now raise an installation error for a\nsource distribution when it includes a symlink that points outside the source distribution archive. (\u003ccode\u003e[#13550](https://github.com/pypa/pip/issues/13550) \u0026lt;https://github.com/pypa/pip/issues/13550\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e--user\u003c/code\u003e installs if \u003ccode\u003esite.ENABLE_USER_SITE\u003c/code\u003e is set to \u003ccode\u003eFalse\u003c/code\u003e. (\u003ccode\u003e[#8794](https://github.com/pypa/pip/issues/8794) \u0026lt;https://github.com/pypa/pip/issues/8794\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35\"\u003e\u003ccode\u003ea520693\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f\"\u003e\u003ccode\u003e0f2973e\u003c/code\u003e\u003c/a\u003e Fix up authors by adding entry to \u003ccode\u003e.mailmap\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8\"\u003e\u003ccode\u003e87828dc\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453\"\u003e\u003ccode\u003ece6a38c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13628\"\u003e#13628\u003c/a\u003e from sbidoul/imp-doc-pep517-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e\"\u003e\u003ccode\u003eee16c81\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13629\"\u003e#13629\u003c/a\u003e from notatallshaw/bump-gone_in=\u0026quot;25.3\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2\"\u003e\u003ccode\u003e3e227aa\u003c/code\u003e\u003c/a\u003e Bump gone_in=\u0026quot;25.3\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b\"\u003e\u003ccode\u003e4ad1828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13495\"\u003e#13495\u003c/a\u003e from ichard26/feat/direct-editables\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf\"\u003e\u003ccode\u003e66ded3b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13570\"\u003e#13570\u003c/a\u003e from ShubhamNagure/fix-constraint-reporting-13545\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9\"\u003e\u003ccode\u003e67e8ac2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13588\"\u003e#13588\u003c/a\u003e from notatallshaw/hint-on-resolution-impossible-whe...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c\"\u003e\u003ccode\u003e990ca8a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/8796\"\u003e#8796\u003c/a\u003e from pelson/honour_user_site\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...25.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 0.47.2 to 0.49.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.49.0...0.49.1\"\u003ehttps://github.com/Kludex/starlette/compare/0.49.0...0.49.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TheWesDias\"\u003e\u003ccode\u003e@​TheWesDias\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3017\"\u003eKludex/starlette#3017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gmos2104\"\u003e\u003ccode\u003e@​gmos2104\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003eKludex/starlette#3027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/secrett2633\"\u003e\u003ccode\u003e@​secrett2633\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003eKludex/starlette#2996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adam-sikora\"\u003e\u003ccode\u003e@​adam-sikora\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003eKludex/starlette#2976\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yakimka\"\u003e\u003ccode\u003e@​yakimka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2943\"\u003eKludex/starlette#2943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbeijen\"\u003e\u003ccode\u003e@​mbeijen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003eKludex/starlette#2939\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.47.3...0.48.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.47.3...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.1 (October 28, 2025)\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.49.0 (October 28, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (September 13, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.3 (August 24, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003easyncio.iscoroutinefunction\u003c/code\u003e for Python 3.12 and older \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2984\"\u003e#2984\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee\"\u003e\u003ccode\u003e7e4b742\u003c/code\u003e\u003c/a\u003e Version 0.49.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e\u003ccode\u003e4ea6e22\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee\"\u003e\u003ccode\u003e7d88ea6\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3046\"\u003e#3046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e\"\u003e\u003ccode\u003e26d66bb\u003c/code\u003e\u003c/a\u003e Do not pollute exception context in Middleware (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2976\"\u003e#2976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5\"\u003e\u003ccode\u003ea59397d\u003c/code\u003e\u003c/a\u003e Set encodings when reading config files (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2996\"\u003e#2996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372\"\u003e\u003ccode\u003e3b7f0cb\u003c/code\u003e\u003c/a\u003e test: add test for unknown status (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3035\"\u003e#3035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd\"\u003e\u003ccode\u003eb09ce1a\u003c/code\u003e\u003c/a\u003e docs: fix legibility issues on sponsorship page (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3039\"\u003e#3039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b\"\u003e\u003ccode\u003e0f0edcf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Add Marcelo Trylesinski to the license (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3025\"\u003e#3025\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8\"\u003e\u003ccode\u003e3912d63\u003c/code\u003e\u003c/a\u003e docs: add social icons (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3038\"\u003e#3038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad\"\u003e\u003ccode\u003e4915a93\u003c/code\u003e\u003c/a\u003e Add discord to README/docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/0.47.2...0.49.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/trizist/warehouse/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/trizist/warehouse/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/trizist%2Fwarehouse/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"3827936557","node_id":"PR_kwDOF4uETc696oGp","number":700,"state":"open","title":"Deps: Bump the python-packages group across 1 directory with 22 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-19T04:26:25.000Z","updated_at":"2026-01-19T04:26:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Deps: Bump","group_name":"python-packages","update_count":22,"packages":[{"name":"psutil","old_version":"7.0.0","new_version":"7.2.1","repository_url":"https://github.com/giampaolo/psutil"},{"name":"python-gnupg","old_version":"0.5.4","new_version":"0.5.6","repository_url":"https://github.com/vsajip/python-gnupg"},{"name":"tomli","old_version":"2.2.1","new_version":"2.4.0","repository_url":"https://github.com/hukkin/tomli"},{"name":"coverage","old_version":"7.10.1","new_version":"7.10.7","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"pontos","old_version":"25.6.0","new_version":"25.8.1","repository_url":"https://github.com/greenbone/pontos"},{"name":"autohooks","old_version":"25.4.1","new_version":"25.11.0","repository_url":"https://github.com/greenbone/autohooks"},{"name":"anyio","old_version":"4.9.0","new_version":"4.12.1","repository_url":"https://github.com/agronholm/anyio"},{"name":"black","old_version":"25.1.0","new_version":"25.11.0","repository_url":"https://github.com/psf/black"},{"name":"certifi","old_version":"2025.7.14","new_version":"2026.1.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"colorful","old_version":"0.5.7","new_version":"0.5.8","repository_url":"https://github.com/timofurrer/colorful"},{"name":"exceptiongroup","old_version":"1.3.0","new_version":"1.3.1","repository_url":"https://github.com/agronholm/exceptiongroup"},{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"idna","old_version":"3.10","new_version":"3.11","repository_url":"https://github.com/kjd/idna"},{"name":"isort","old_version":"6.0.1","new_version":"6.1.0","repository_url":"https://github.com/PyCQA/isort"},{"name":"lxml","old_version":"6.0.0","new_version":"6.0.2","repository_url":"https://github.com/lxml/lxml"},{"name":"pathspec","old_version":"0.12.1","new_version":"1.0.3","repository_url":"https://github.com/cpburnz/python-pathspec"},{"name":"platformdirs","old_version":"4.3.8","new_version":"4.4.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"rich","old_version":"14.1.0","new_version":"14.2.0","repository_url":"https://github.com/Textualize/rich"},{"name":"ruff","old_version":"0.12.5","new_version":"0.14.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"shtab","old_version":"1.7.2","new_version":"1.8.0","repository_url":"https://github.com/iterative/shtab"},{"name":"tomlkit","old_version":"0.13.3","new_version":"0.14.0","repository_url":"https://github.com/sdispater/tomlkit"},{"name":"typing-extensions","old_version":"4.14.1","new_version":"4.15.0","repository_url":"https://github.com/python/typing_extensions"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 22 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [psutil](https://github.com/giampaolo/psutil) | `7.0.0` | `7.2.1` |\n| [python-gnupg](https://github.com/vsajip/python-gnupg) | `0.5.4` | `0.5.6` |\n| [tomli](https://github.com/hukkin/tomli) | `2.2.1` | `2.4.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.10.1` | `7.10.7` |\n| [pontos](https://github.com/greenbone/pontos) | `25.6.0` | `25.8.1` |\n| [autohooks](https://github.com/greenbone/autohooks) | `25.4.1` | `25.11.0` |\n| [anyio](https://github.com/agronholm/anyio) | `4.9.0` | `4.12.1` |\n| [black](https://github.com/psf/black) | `25.1.0` | `25.11.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2025.7.14` | `2026.1.4` |\n| [colorful](https://github.com/timofurrer/colorful) | `0.5.7` | `0.5.8` |\n| [exceptiongroup](https://github.com/agronholm/exceptiongroup) | `1.3.0` | `1.3.1` |\n| [h2](https://github.com/python-hyper/h2) | `4.2.0` | `4.3.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.11` |\n| [isort](https://github.com/PyCQA/isort) | `6.0.1` | `6.1.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.0` | `6.0.2` |\n| [pathspec](https://github.com/cpburnz/python-pathspec) | `0.12.1` | `1.0.3` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.3.8` | `4.4.0` |\n| [rich](https://github.com/Textualize/rich) | `14.1.0` | `14.2.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.12.5` | `0.14.13` |\n| [shtab](https://github.com/iterative/shtab) | `1.7.2` | `1.8.0` |\n| [tomlkit](https://github.com/sdispater/tomlkit) | `0.13.3` | `0.14.0` |\n| [typing-extensions](https://github.com/python/typing_extensions) | `4.14.1` | `4.15.0` |\n\n\nUpdates `psutil` from 7.0.0 to 7.2.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/giampaolo/psutil/blob/master/HISTORY.rst\"\u003epsutil's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e7.2.1\u003c/h1\u003e\n\u003cp\u003e2025-12-29\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e2699_, [FreeBSD], [NetBSD]: \u003ccode\u003eheap_info()\u003c/code\u003e_ does not detect small allocations\n(\u0026lt;= 1K). In order to fix that, we now flush internal jemalloc cache before\nfetching the metrics.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e7.2.0\u003c/h1\u003e\n\u003cp\u003e2025-12-23\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eEnhancements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e1275_: new \u003ccode\u003eheap_info()\u003c/code\u003e_ and \u003ccode\u003eheap_trim()\u003c/code\u003e_ functions, providing direct\naccess to the platform's native C heap allocator (glibc, mimalloc,\nlibmalloc). Useful to create tools to detect memory leaks.\u003c/li\u003e\n\u003cli\u003e2403_, [Linux]: publish wheels for Linux musl.\u003c/li\u003e\n\u003cli\u003e2680_: unit tests are no longer installed / part of the distribution. They\nnow live under \u003ccode\u003etests/\u003c/code\u003e instead of \u003ccode\u003epsutil/tests\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e2684_, [FreeBSD], [critical]: compilation fails on FreeBSD 14 due to missing\ninclude.\u003c/li\u003e\n\u003cli\u003e2691_, [Windows]: fix memory leak in \u003ccode\u003enet_if_stats()\u003c/code\u003e_ due to missing\n\u003ccode\u003ePy_CLEAR\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eCompatibility notes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e2680_: \u003ccode\u003eimport psutil.tests\u003c/code\u003e no longer works (but it was never documented to\nbegin with).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e7.1.3\u003c/h1\u003e\n\u003cp\u003e2025-11-02\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eEnhancements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e2667_: enforce \u003ccode\u003eclang-format\u003c/code\u003e on all C and header files. It is now the\nmandatory formatting style for all C sources.\u003c/li\u003e\n\u003cli\u003e2672_, [macOS], [BSD]: increase the chances to recognize zombie processes and\nraise the appropriate exception (\u003ccode\u003eZombieProcess\u003c/code\u003e_).\u003c/li\u003e\n\u003cli\u003e2676_, 2678_: replace unsafe \u003ccode\u003esprintf\u003c/code\u003e / \u003ccode\u003esnprintf\u003c/code\u003e / \u003ccode\u003esprintf_s\u003c/code\u003e calls with\n\u003ccode\u003estr_format()\u003c/code\u003e. Replace \u003ccode\u003estrlcat\u003c/code\u003e / \u003ccode\u003estrlcpy\u003c/code\u003e with safe \u003ccode\u003estr_copy\u003c/code\u003e /\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/6130c19da2d01383befa0dfca2371a792f8881af\"\u003e\u003ccode\u003e6130c19\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/giampaolo/psutil/issues/2699\"\u003e#2699\u003c/a\u003e / BSD: flush internal jemalloc cache before returning metrics.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/899ee4efa9c1943de14a5818853b6dc9c019eb4f\"\u003e\u003ccode\u003e899ee4e\u003c/code\u003e\u003c/a\u003e Mention psleak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/704e218db7da14e98a54f2aa9f93372d5900e0b4\"\u003e\u003ccode\u003e704e218\u003c/code\u003e\u003c/a\u003e Pre-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/1a946cfe738045cecf031222cd5078da21946af4\"\u003e\u003ccode\u003e1a946cf\u003c/code\u003e\u003c/a\u003e Take psleak from PYPI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/5085421cabed317d5e2f7164e6072b0be05ba4f1\"\u003e\u003ccode\u003e5085421\u003c/code\u003e\u003c/a\u003e Use external psleak module for memleak tests (\u003ca href=\"https://redirect.github.com/giampaolo/psutil/issues/2698\"\u003e#2698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/ac56e6ad0b7c08755a5542afdacb668ad164fd09\"\u003e\u003ccode\u003eac56e6a\u003c/code\u003e\u003c/a\u003e CI: don't cancel CI in progress on 1st failure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/10fe3d5e9372a504167b0a4df440ab949c0410fe\"\u003e\u003ccode\u003e10fe3d5\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of github.com:giampaolo/psutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/ba507bd26bbfe5d1bdc45d606c8979f9e6f632cb\"\u003e\u003ccode\u003eba507bd\u003c/code\u003e\u003c/a\u003e Fix various CI errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/d5a1398f0860c04883ef881c4760f32d14ef4abf\"\u003e\u003ccode\u003ed5a1398\u003c/code\u003e\u003c/a\u003e Update cpu_count docs: clarify differences from os.cpu_count (\u003ca href=\"https://redirect.github.com/giampaolo/psutil/issues/2696\"\u003e#2696\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/556158f55fc3b2f1271b48c66c46912323cf8bec\"\u003e\u003ccode\u003e556158f\u003c/code\u003e\u003c/a\u003e Refact memleak.py\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/giampaolo/psutil/compare/release-7.0.0...release-7.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-gnupg` from 0.5.4 to 0.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vsajip/python-gnupg/releases\"\u003epython-gnupg's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eEnhancement and bug-fix release 0.5.6\u003c/h2\u003e\n\u003cp\u003eThis is an enhancement and bug-fix release, and all users are encouraged to upgrade.\u003c/p\u003e\n\u003cp\u003eBrief summary:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/261\"\u003e#261\u003c/a\u003e: Ensure capability, fingerprint and keygrip are added to subkey_info.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet username in the result when Verify uses a signing key that has expired or been revoked. Thanks to Steven Galgano for the patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release has been signed with my code signing key:\u003c/p\u003e\n\u003cp\u003eVinay Sajip (CODE SIGNING KEY) \u0026lt;vinay_sajip at yahoo.co.uk\u0026gt;\nFingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86\u003c/p\u003e\n\u003ch2\u003eEnhancement and bug-fix release 0.5.5\u003c/h2\u003e\n\u003cp\u003eThis is an enhancement and bug-fix release, and all users are encouraged to upgrade.\u003c/p\u003e\n\u003cp\u003eBrief summary:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/249\"\u003e#249\u003c/a\u003e: Handle fetching GPG version when not the first item in the configuration.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/250\"\u003e#250\u003c/a\u003e: Capture uid info in a uid_map attribute of ScanKeys/ListKeys.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/255\"\u003e#255\u003c/a\u003e: Improve handling of exceptions raised in background threads.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release has been signed with my code signing key:\u003c/p\u003e\n\u003cp\u003eVinay Sajip (CODE SIGNING KEY) \u0026lt;vinay_sajip at yahoo.co.uk\u0026gt;\nFingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/54e9ca0f80f5a0d0b4252e13d5c431f3f5f40c71\"\u003e\u003ccode\u003e54e9ca0\u003c/code\u003e\u003c/a\u003e Changes for 0.5.6.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/8825037344b03473595e694e01a1e0fa5e74023f\"\u003e\u003ccode\u003e8825037\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/909cf606f07097feb5316c265f0108a4c753f9a5\"\u003e\u003ccode\u003e909cf60\u003c/code\u003e\u003c/a\u003e Remove Travis CI and AppVeyor config (\u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/269\"\u003e#269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/f0bfa1acb7000cfff3bfdec5d9bff15299c364d3\"\u003e\u003ccode\u003ef0bfa1a\u003c/code\u003e\u003c/a\u003e Drop redundant \u003ccode\u003ewheel\u003c/code\u003e from PEP 517 build deps (\u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/9b0399b4684a1f8d9e763c99c94cd9baed5ebc34\"\u003e\u003ccode\u003e9b0399b\u003c/code\u003e\u003c/a\u003e Fix typo: spell decrypted_data correctly in the documentation. (\u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/fcedea7ac922cf5113c28beff16e59340fa4731c\"\u003e\u003ccode\u003efcedea7\u003c/code\u003e\u003c/a\u003e Added capability to subkey_info, reformatted code.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/eca04eb5c9f5d251bb32a183427acb8fbe564102\"\u003e\u003ccode\u003eeca04eb\u003c/code\u003e\u003c/a\u003e Set username when Verify uses a signing key that has expired or been (\u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/acfa89869940b81a96c6eb1e475c1c4f645ae879\"\u003e\u003ccode\u003eacfa898\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/261\"\u003e#261\u003c/a\u003e: Ensure fingerprint and keygrip are added to subkey_info.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/8148db43edf62ca8310000f0aaae138784c0e51b\"\u003e\u003ccode\u003e8148db4\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/2e829849129d4789b8877fe621349b09ca5b29cd\"\u003e\u003ccode\u003e2e82984\u003c/code\u003e\u003c/a\u003e Added tag 0.5.5 for changeset 1b77f5b12ad7\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vsajip/python-gnupg/compare/0.5.4...0.5.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tomli` from 2.2.1 to 2.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hukkin/tomli/blob/master/CHANGELOG.md\"\u003etomli's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded\n\u003cul\u003e\n\u003cli\u003eTOML v1.1.0 compatibility\u003c/li\u003e\n\u003cli\u003eBinary wheels for Windows arm64\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded\n\u003cul\u003e\n\u003cli\u003eBinary wheels for Python 3.14 (also free-threaded)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ePerformance\n\u003cul\u003e\n\u003cli\u003eReduced import time\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/a678e6fdeffa89bd28e4ecc148b926a4e1bbbc7b\"\u003e\u003ccode\u003ea678e6f\u003c/code\u003e\u003c/a\u003e Bump version: 2.3.0 → 2.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/b8a1358cd4f3932b910333e0179270093596ce64\"\u003e\u003ccode\u003eb8a1358\u003c/code\u003e\u003c/a\u003e Tests: remove now needless \u0026quot;TOML compliance\u0026quot;-\u0026gt;\u0026quot;burntsushi\u0026quot; format conversion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/497937545351e0b4c8afe2299d5ddfb4a7e050cc\"\u003e\u003ccode\u003e4979375\u003c/code\u003e\u003c/a\u003e Update GitHub actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/f890dd1719da0e0f4e83cac39218ba2ded61fa94\"\u003e\u003ccode\u003ef890dd1\u003c/code\u003e\u003c/a\u003e Update pre-commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/d9c65c3379b8b92dfab52c8c694605b1aea5a65d\"\u003e\u003ccode\u003ed9c65c3\u003c/code\u003e\u003c/a\u003e Add 2.4.0 change log\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/0efe49d88c2d6ee38e3ad21bfcf64249968fe6c4\"\u003e\u003ccode\u003e0efe49d\u003c/code\u003e\u003c/a\u003e Update README for v2.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/9eb2125ef49071e673d42e383b5221a268665193\"\u003e\u003ccode\u003e9eb2125\u003c/code\u003e\u003c/a\u003e TOML 1.1: Make seconds optional in Date-Time and Time (\u003ca href=\"https://redirect.github.com/hukkin/tomli/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/12314bde5b89a8bdc32de7403a2a4cf786187bbc\"\u003e\u003ccode\u003e12314bd\u003c/code\u003e\u003c/a\u003e TOML 1.1: Add \\xHH Unicode escape code to basic strings (\u003ca href=\"https://redirect.github.com/hukkin/tomli/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/2a2aa62f1bc71b89b74d41dd2ab67b5dd24bc129\"\u003e\u003ccode\u003e2a2aa62\u003c/code\u003e\u003c/a\u003e TOML 1.1: Allow newlines and trailing comma in inline tables (\u003ca href=\"https://redirect.github.com/hukkin/tomli/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/38297f82cd0ef067f1afd2ffb8dfa73b65c398da\"\u003e\u003ccode\u003e38297f8\u003c/code\u003e\u003c/a\u003e Xfail on tests for TOML 1.1 features not yet supported\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hukkin/tomli/compare/2.2.1...2.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.10.1 to 7.10.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.10.7 — 2025-09-21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance: with branch coverage in large files, generating HTML, JSON, or\nLCOV reports could take far too long due to some quadratic behavior when\ncreating the function and class index pages.  This is now fixed, closing\n\u003ccode\u003eissue 2048\u003c/code\u003e_.  Thanks to Daniel Diniz for help diagnosing the problem.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMost warnings and a few errors now have links to a page in the docs\nexplaining the specific message.  Closes \u003ccode\u003eissue 1921\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1921: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1921\"\u003ecoveragepy/coveragepy#1921\u003c/a\u003e\n.. _issue 2048: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2048\"\u003ecoveragepy/coveragepy#2048\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-10-6:\u003c/p\u003e\n\u003ch2\u003eVersion 7.10.6 — 2025-08-29\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003esource\u003c/code\u003e directories were not properly communicated to subprocesses\nthat ran in different directories, as reported in \u003ccode\u003eissue 1499\u003c/code\u003e_.  This is now\nfixed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance: \u003ccode\u003eAlex Gaynor continues fine-tuning \u0026lt;pull 2038_\u0026gt;\u003c/code\u003e_ the speed of\ncombination, especially with many contexts.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1499: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1499\"\u003ecoveragepy/coveragepy#1499\u003c/a\u003e\n.. _pull 2038: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2038\"\u003ecoveragepy/coveragepy#2038\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-10-5:\u003c/p\u003e\n\u003ch2\u003eVersion 7.10.5 — 2025-08-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBig speed improvements for \u003ccode\u003ecoverage combine\u003c/code\u003e: it's now about twice as\nfast! Huge thanks to Alex Gaynor for pull requests \u003ccode\u003e2032 \u0026lt;pull 2032_\u0026gt;\u003c/code\u003e\u003cem\u003e,\n\u003ccode\u003e2033 \u0026lt;pull 2033_\u0026gt;\u003c/code\u003e\u003c/em\u003e, and \u003ccode\u003e2034 \u0026lt;pull 2034_\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _pull 2032: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2032\"\u003ecoveragepy/coveragepy#2032\u003c/a\u003e\n.. _pull 2033: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2033\"\u003ecoveragepy/coveragepy#2033\u003c/a\u003e\n.. _pull 2034: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2034\"\u003ecoveragepy/coveragepy#2034\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-10-4:\u003c/p\u003e\n\u003ch2\u003eVersion 7.10.4 — 2025-08-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/92a2af54e6bc948a9c536bd9b12bab70fb055904\"\u003e\u003ccode\u003e92a2af5\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.10.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/952afdaca658d5e1acdd533c727448a0b218caf0\"\u003e\u003ccode\u003e952afda\u003c/code\u003e\u003c/a\u003e docs: prep for 7.10.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/a301761e69da97b27662f395974d26f78fa8b2b5\"\u003e\u003ccode\u003ea301761\u003c/code\u003e\u003c/a\u003e build: riscv64 wheels (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2055\"\u003e#2055\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5daff8d38786aa540ff9bec622eb3389f117f911\"\u003e\u003ccode\u003e5daff8d\u003c/code\u003e\u003c/a\u003e docs: now source is formatted with ruff\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/04bbc3acfd914fdd99ffec9873bc03bdc7329357\"\u003e\u003ccode\u003e04bbc3a\u003c/code\u003e\u003c/a\u003e docs: discuss cog in the contributing docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c181b9315f59a81667da47cf3d760d0253872238\"\u003e\u003ccode\u003ec181b93\u003c/code\u003e\u003c/a\u003e build: use cog --check-fail-msg to instruct devs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/33c4ba196f49e0ee86ab0ff473c0876c0bacd5fa\"\u003e\u003ccode\u003e33c4ba1\u003c/code\u003e\u003c/a\u003e chore: make upgrade\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/0744b73b6b503ccf2cb75aba095c023672b921a8\"\u003e\u003ccode\u003e0744b73\u003c/code\u003e\u003c/a\u003e chore: bump the action-dependencies group across 1 directory with 2 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/0d5a112fc54c1d5a07f3f2ec451779808902c9af\"\u003e\u003ccode\u003e0d5a112\u003c/code\u003e\u003c/a\u003e perf: bulk narrowing to avoid N**2. \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2048\"\u003e#2048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/a868ed9269ca474748130f5c6360cd2aae66ffc8\"\u003e\u003ccode\u003ea868ed9\u003c/code\u003e\u003c/a\u003e docs: mention Python Discord on the index page\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.10.1...7.10.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pontos` from 25.6.0 to 25.8.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/greenbone/pontos/releases\"\u003epontos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epontos 25.8.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v25.8.0...v25.8.1\"\u003e25.8.1\u003c/a\u003e - 2025-08-20\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRust support for workspace.package.version \u003ca href=\"https://github.com/greenbone/pontos/commit/83e17f1a\"\u003e83e17f1a\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/checkout from 4.2.2 to 4.3.0 in the actions group \u003ca href=\"https://github.com/greenbone/pontos/commit/c2656f8e\"\u003ec2656f8e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump coverage from 7.10.3 to 7.10.4 in the python-packages group \u003ca href=\"https://github.com/greenbone/pontos/commit/18e2dee7\"\u003e18e2dee7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 25.8.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v25.7.2...v25.8.0\"\u003e25.8.0\u003c/a\u003e - 2025-08-12\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake it possible to read [workspace.project] in cargo.toml \u003ca href=\"https://github.com/greenbone/pontos/commit/57ca3c2c\"\u003e57ca3c2c\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse 'Array' in cargo tests instead of 'Table' \u003ca href=\"https://github.com/greenbone/pontos/commit/cabc6ea7\"\u003ecabc6ea7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 3 updates \u003ca href=\"https://github.com/greenbone/pontos/commit/a5e524c5\"\u003ea5e524c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates \u003ca href=\"https://github.com/greenbone/pontos/commit/0be16215\"\u003e0be16215\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 25.7.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v25.7.1...v25.7.2\"\u003e25.7.2\u003c/a\u003e - 2025-07-30\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInvalid CVE configurations data for node schema \u003ca href=\"https://github.com/greenbone/pontos/commit/a6287f1e\"\u003ea6287f1e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 25.7.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v25.7.0...v25.7.1\"\u003e25.7.1\u003c/a\u003e - 2025-07-29\u003c/h2\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group across 1 directory with 4 updates \u003ca href=\"https://github.com/greenbone/pontos/commit/175a6401\"\u003e175a6401\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump starlette from 0.47.1 to 0.47.2 \u003ca href=\"https://github.com/greenbone/pontos/commit/073c944b\"\u003e073c944b\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 25.7.0\u003c/h2\u003e\n\u003ch2\u003e[25.7.0] - 2025-07-28\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eformat_date timespec and fallback timezone \u003ca href=\"https://github.com/greenbone/pontos/commit/12da523c\"\u003e12da523c\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/7189a16de789e0615402690cc905ba8dddc2c81f\"\u003e\u003ccode\u003e7189a16\u003c/code\u003e\u003c/a\u003e Automatic release to 25.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/83e17f1ad6786196013c53ff1331352a2175e496\"\u003e\u003ccode\u003e83e17f1\u003c/code\u003e\u003c/a\u003e Change: Rust support for workspace.package.version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/c2656f8e1ed6d6ec61db983c79d261ee5a54f107\"\u003e\u003ccode\u003ec2656f8\u003c/code\u003e\u003c/a\u003e Deps: Bump actions/checkout from 4.2.2 to 4.3.0 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/18e2dee7d7b754248e7817eed034517275d358aa\"\u003e\u003ccode\u003e18e2dee\u003c/code\u003e\u003c/a\u003e Deps: Bump coverage from 7.10.3 to 7.10.4 in the python-packages group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/69db3f909cb502fc05bd90d3c51fb84280462b22\"\u003e\u003ccode\u003e69db3f9\u003c/code\u003e\u003c/a\u003e Automatic adjustments after release [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/f004abbee5e6a726fefc0baeb2a1a44952ec54a4\"\u003e\u003ccode\u003ef004abb\u003c/code\u003e\u003c/a\u003e Automatic release to 25.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/cabc6ea7553d84e3f8888f27f5cc3af51f5b3168\"\u003e\u003ccode\u003ecabc6ea\u003c/code\u003e\u003c/a\u003e Fix: Use 'Array' in cargo tests instead of 'Table'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/57ca3c2c7d076ee78591f814f61035034d2b6ae4\"\u003e\u003ccode\u003e57ca3c2\u003c/code\u003e\u003c/a\u003e change: Make it possible to read [workspace.project] in cargo.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/a5e524c5fc927a2645925ccb261583c7bba5fe79\"\u003e\u003ccode\u003ea5e524c\u003c/code\u003e\u003c/a\u003e Deps: Bump the python-packages group with 3 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/0be162159d1760e0e120d3b1e0e0f113068a6d87\"\u003e\u003ccode\u003e0be1621\u003c/code\u003e\u003c/a\u003e Deps: Bump the python-packages group with 3 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/greenbone/pontos/compare/v25.6.0...v25.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `autohooks` from 25.4.1 to 25.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/greenbone/autohooks/releases\"\u003eautohooks's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eautohooks 25.11.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/autohooks/compare/v25.4.1...v25.11.0\"\u003e25.11.0\u003c/a\u003e - 2025-11-12\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs in utils.py \u003ca href=\"https://github.com/greenbone/autohooks/commit/72d35b5\"\u003e72d35b5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/20ebe2e\"\u003e20ebe2e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 2 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/23aa3ce\"\u003e23aa3ce\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump ruff from 0.14.1 to 0.14.2 in the dependencies group \u003ca href=\"https://github.com/greenbone/autohooks/commit/281256f\"\u003e281256f\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/854ad74\"\u003e854ad74\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 4 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/d300d01\"\u003ed300d01\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 3 to 4 in the dependencies group \u003ca href=\"https://github.com/greenbone/autohooks/commit/3a831d3\"\u003e3a831d3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group across 1 directory with 11 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/884f854\"\u003e884f854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 2 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/9c353bd\"\u003e9c353bd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump ruff from 0.12.11 to 0.12.12 in the dependencies group \u003ca href=\"https://github.com/greenbone/autohooks/commit/83b15f6\"\u003e83b15f6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 5 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/4406ed8\"\u003e4406ed8\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 5 in the dependencies group \u003ca href=\"https://github.com/greenbone/autohooks/commit/cb2ace3\"\u003ecb2ace3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 7 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/cb1e5ed\"\u003ecb1e5ed\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group across 1 directory with 5 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/d9ea536\"\u003ed9ea536\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group across 1 directory with 7 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/a285e18\"\u003ea285e18\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/f86ae40\"\u003ef86ae40\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group across 1 directory with 8 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/6db3de9\"\u003e6db3de9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump urllib3 from 2.4.0 to 2.5.0 \u003ca href=\"https://github.com/greenbone/autohooks/commit/d7575e1\"\u003ed7575e1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 4 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/2a2d6c0\"\u003e2a2d6c0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/a34e40c\"\u003ea34e40c\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/8b38426\"\u003e8b38426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 2 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/0810181\"\u003e0810181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump ruff from 0.11.9 to 0.11.10 in the dependencies group \u003ca href=\"https://github.com/greenbone/autohooks/commit/e66e3b4\"\u003ee66e3b4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 4 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/389ddfc\"\u003e389ddfc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/51dcf29\"\u003e51dcf29\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 2 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/cc8c5e4\"\u003ecc8c5e4\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/fbc2f2e18e1d6687f1b75c405497eea097de90bf\"\u003e\u003ccode\u003efbc2f2e\u003c/code\u003e\u003c/a\u003e Automatic release to 25.11.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/20ebe2e89eb34bdef362dac45457b8e7d71a4a36\"\u003e\u003ccode\u003e20ebe2e\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group with 3 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/23aa3ce252f2c54ed35b531b841e9b2a62467532\"\u003e\u003ccode\u003e23aa3ce\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/5e4a2f39f633262257785c2eceb7e2dc3b727405\"\u003e\u003ccode\u003e5e4a2f3\u003c/code\u003e\u003c/a\u003e Fix  Add or Update detect-hidden-unicode.yml (\u003ca href=\"https://redirect.github.com/greenbone/autohooks/issues/753\"\u003e#753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/281256f4d84f740ce798171c23869503420321e2\"\u003e\u003ccode\u003e281256f\u003c/code\u003e\u003c/a\u003e Deps: Bump ruff from 0.14.1 to 0.14.2 in the dependencies group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/854ad742cb81790c087308de884608f33949ffa2\"\u003e\u003ccode\u003e854ad74\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group with 3 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/d300d01bcc7a964f5f27bf2ffdc0ffcf493498c1\"\u003e\u003ccode\u003ed300d01\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/3a831d333cd22e6e86cfe9ba5b7e6c4a2ce4594c\"\u003e\u003ccode\u003e3a831d3\u003c/code\u003e\u003c/a\u003e Deps: Bump github/codeql-action from 3 to 4 in the dependencies group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/884f854ec7daa9cbbec6d91e0a3f979919f75177\"\u003e\u003ccode\u003e884f854\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group across 1 directory with 11 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/9c353bdf19eeb1baaba2d73d225205cc8647bb8b\"\u003e\u003ccode\u003e9c353bd\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/greenbone/autohooks/compare/v25.4.1...v25.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.9.0 to 4.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.12.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged all functions currently raising the private \u003ccode\u003eNoCurrentAsyncBackend\u003c/code\u003e exception (since v4.12.0) to instead raise the public \u003ccode\u003eNoEventLoopError\u003c/code\u003e exception (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e not working with instance methods (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.12.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for asyncio's \u003ca href=\"https://docs.python.org/3/library/asyncio-graph.html\"\u003etask call graphs\u003c/a\u003e on Python 3.14 and later when using AnyIO's task groups (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1025\"\u003e#1025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded an asynchronous implementation of the \u003ccode\u003efunctools\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1001\"\u003e#1001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003euvloop=True\u003c/code\u003e on Windows via the \u003ca href=\"https://github.com/Vizonex/Winloop\"\u003ewinloop\u003c/a\u003e implementation (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/960\"\u003e#960\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Vizonex\"\u003e\u003ccode\u003e@​Vizonex\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for use as a context manager to \u003ccode\u003eanyio.lowlevel.RunVar\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1003\"\u003e#1003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003e__all__\u003c/code\u003e declarations to public submodules (\u003ccode\u003eanyio.lowlevel\u003c/code\u003e etc.) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1009\"\u003e#1009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the ability to set the token count of a \u003ccode\u003eCapacityLimiter\u003c/code\u003e to zero (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1019\"\u003e#1019\u003c/a\u003e; requires Python 3.10 or later when using Trio)\u003c/li\u003e\n\u003cli\u003eAdded parameters \u003ccode\u003ecase_sensitive\u003c/code\u003e and \u003ccode\u003erecurse_symlinks\u003c/code\u003e along with support for path-like objects to \u003ccode\u003eanyio.Path.glob()\u003c/code\u003e and \u003ccode\u003eanyio.Path.rglob()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1033\"\u003e#1033\u003c/a\u003e; PR by \u003ca href=\"https://github.com/northisup\"\u003e\u003ccode\u003e@​northisup\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped \u003ccode\u003esniffio\u003c/code\u003e as a direct dependency and added the \u003ccode\u003eget_available_backends()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1021\"\u003e#1021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcess.stdin.send()\u003c/code\u003e not raising \u003ccode\u003eClosedResourceError\u003c/code\u003e and \u003ccode\u003eBrokenResourceError\u003c/code\u003e on asyncio. Previously, a non-AnyIO exception was raised in such cases (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/671\"\u003e#671\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcess.stdin.send()\u003c/code\u003e not checkpointing before writing data on asyncio (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1002\"\u003e#1002\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a race condition where cancelling a \u003ccode\u003eFuture\u003c/code\u003e from \u003ccode\u003eBlockingPortal.start_task_soon()\u003c/code\u003e would sometimes not cancel the async function (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1011\"\u003e#1011\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the presence of the pytest plugin causing breakage with older versions of pytest (\u0026lt;= 6.1.2) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1028\"\u003e#1028\u003c/a\u003e; PR by \u003ca href=\"https://github.com/saper\"\u003e\u003ccode\u003e@​saper\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a rarely occurring \u003ccode\u003eRuntimeError: Set changed size during iteration\u003c/code\u003e while shutting down the process pool when using the asyncio backend (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/985\"\u003e#985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for cancellation reasons (the \u003ccode\u003ereason\u003c/code\u003e parameter to \u003ccode\u003eCancelScope.cancel()\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/975\"\u003e#975\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum version of Trio to v0.31.0\u003c/li\u003e\n\u003cli\u003eAdded the ability to enter the event loop from foreign (non-worker) threads by passing the return value of \u003ccode\u003eanyio.lowlevel.current_token()\u003c/code\u003e to \u003ccode\u003eanyio.from_thread.run()\u003c/code\u003e and \u003ccode\u003eanyio.from_thread.run_sync()\u003c/code\u003e as the \u003ccode\u003etoken\u003c/code\u003e keyword argument (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/256\"\u003e#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded pytest option (\u003ccode\u003eanyio_mode = \u0026quot;auto\u0026quot;\u003c/code\u003e) to make the pytest plugin automatically handle all async tests (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/971\"\u003e#971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eanyio.Condition.wait_for()\u003c/code\u003e method for feature parity with asyncio (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/974\"\u003e#974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged the default type argument of \u003ccode\u003eanyio.abc.TaskStatus\u003c/code\u003e from \u003ccode\u003eAny\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/964\"\u003e#964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed TCP listener behavior to guarantee the same ephemeral port is used for all socket listeners when \u003ccode\u003elocal_port=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/857\"\u003e#857\u003c/a\u003e; PR by \u003ca href=\"https://github.com/11kkw\"\u003e\u003ccode\u003e@​11kkw\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/agronholm\"\u003e\u003ccode\u003e@​agronholm\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed inconsistency between Trio and asyncio where a TCP stream that previously raised a \u003ccode\u003eBrokenResourceError\u003c/code\u003e on \u003ccode\u003esend()\u003c/code\u003e would still raise \u003ccode\u003eBrokenResourceError\u003c/code\u003e after the stream was closed on asyncio, but \u003ccode\u003eClosedResourceError\u003c/code\u003e on Trio. They now both raise a \u003ccode\u003eClosedResourceError\u003c/code\u003e in this scenario. (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/671\"\u003e#671\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003efeed_data()\u003c/code\u003e method to the \u003ccode\u003eBufferedByteReceiveStream\u003c/code\u003e class, allowing users to inject data directly into the buffer\u003c/li\u003e\n\u003cli\u003eAdded various class methods to wrap existing sockets as listeners or socket streams:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSocketListener.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSocketStream.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eUNIXSocketStream.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eUDPSocket.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eConnectedUDPSocket.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eUNIXDatagramSocket.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eConnectedUNIXDatagramSocket.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdded a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects\u003c/li\u003e\n\u003cli\u003eAdded context manager mix-in classes (\u003ccode\u003eanyio.ContextManagerMixin\u003c/code\u003e and \u003ccode\u003eanyio.AsyncContextManagerMixin\u003c/code\u003e) to help write classes that embed other context managers, particularly cancel scopes or task groups (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/905\"\u003e#905\u003c/a\u003e; PR by \u003ca href=\"https://github.com/agronholm\"\u003e\u003ccode\u003e@​agronholm\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/tapetersen\"\u003e\u003ccode\u003e@​tapetersen\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the ability to specify the thread name in \u003ccode\u003estart_blocking_portal()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/818\"\u003e#818\u003c/a\u003e; PR by \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eanyio.notify_closing\u003c/code\u003e to allow waking \u003ccode\u003eanyio.wait_readable\u003c/code\u003e and \u003ccode\u003eanyio.wait_writable\u003c/code\u003e before closing a socket. Among other things, this prevents an OSError on the \u003ccode\u003eProactorEventLoop\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/896\"\u003e#896\u003c/a\u003e; PR by \u003ca href=\"https://github.com/graingert\"\u003e\u003ccode\u003e@​graingert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIncorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)\u003c/li\u003e\n\u003cli\u003eAdded a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's\u003c/li\u003e\n\u003cli\u003eUpdated the \u003ccode\u003eto_interpreters\u003c/code\u003e module to use the public \u003ccode\u003econcurrent.interpreters\u003c/code\u003e API on Python 3.14 or later\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path.copy()\u003c/code\u003e and \u003ccode\u003eanyio.Path.copy_into()\u003c/code\u003e failing on Python 3.14.0a7\u003c/li\u003e\n\u003cli\u003eFixed return annotation of \u003ccode\u003e__aexit__\u003c/code\u003e on async context managers. CMs which can suppress exceptions should return \u003ccode\u003ebool\u003c/code\u003e, or \u003ccode\u003eNone\u003c/code\u003e otherwise. (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/913\"\u003e#913\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Enegg\"\u003e\u003ccode\u003e@​Enegg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed rollover boundary check in \u003ccode\u003eSpooledTemporaryFile\u003c/code\u003e so that rollover only occurs when the buffer size exceeds \u003ccode\u003emax_size\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/915\"\u003e#915\u003c/a\u003e; PR by \u003ca href=\"https://github.com/11kkw\"\u003e\u003ccode\u003e@​11kkw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated testing and documentation dependencies from extras to dependency groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/a0dccbd78d75886247ae7846b460fd390cc94fbd\"\u003e\u003ccode\u003ea0dccbd\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/e1121a735c977c00c18b3a581d28daf83a279833\"\u003e\u003ccode\u003ee1121a7\u003c/code\u003e\u003c/a\u003e Enabled tests for the 4.12.x branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/69ab43e549517ce554f84365fed9da90e806c303\"\u003e\u003ccode\u003e69ab43e\u003c/code\u003e\u003c/a\u003e Fixed \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e not working with methods (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1056\"\u003e#1056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/4f4b33ed56edd1bc4785a368a103ad8138730d91\"\u003e\u003ccode\u003e4f4b33e\u003c/code\u003e\u003c/a\u003e Remove \u003ccode\u003eBlockingPortal.__new__\u003c/code\u003e hack (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/af17d89b80ebbd526215e2dbd025b284730aaa3f\"\u003e\u003ccode\u003eaf17d89\u003c/code\u003e\u003c/a\u003e Replaced the NoCurrentAsyncBackend exception with NoEventLoopError (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/4310264312a2e86e792481bdb05bdb381678a6b5\"\u003e\u003ccode\u003e4310264\u003c/code\u003e\u003c/a\u003e Updated pre-commit modules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/0cc6723ba5a2fdaa98a24852d3681c4ed99b8863\"\u003e\u003ccode\u003e0cc6723\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/bc021b634291223d6829c0a689152173443a8545\"\u003e\u003ccode\u003ebc021b6\u003c/code\u003e\u003c/a\u003e Fixed the download-artifact settings to retain the expected behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/c6000aa2837f75733f3c09c454f5a31eb9f9f536\"\u003e\u003ccode\u003ec6000aa\u003c/code\u003e\u003c/a\u003e Corrected the format of the version in the changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9d1bfe0da4261bcef3c10cd31218237805a89937\"\u003e\u003ccode\u003e9d1bfe0\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.9.0...4.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 25.1.0 to 25.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e25.11.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable base 3.14 support (\u003ca href=\"https://redirect.github.com/psf/black/issues/4804\"\u003e#4804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for the new Python 3.14 t-string syntax introduced by PEP 750 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4805\"\u003e#4805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where comments between \u003ccode\u003e# fmt: off\u003c/code\u003e and \u003ccode\u003e# fmt: on\u003c/code\u003e were reformatted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4811\"\u003e#4811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eComments containing fmt directives now preserve their exact formatting instead of\nbeing normalized (\u003ca href=\"https://redirect.github.com/psf/black/issues/4811\"\u003e#4811\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove \u003ccode\u003emultiline_string_handling\u003c/code\u003e from \u003ccode\u003e--unstable\u003c/code\u003e to \u003ccode\u003e--preview\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4760\"\u003e#4760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix bug where module docstrings would be treated as normal strings if preceded by\ncomments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4764\"\u003e#4764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix bug where python 3.12 generics syntax split line happens weirdly (\u003ca href=\"https://redirect.github.com/psf/black/issues/4777\"\u003e#4777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStandardize type comments to form \u003ccode\u003e# type: \u0026lt;value\u0026gt;\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4645\"\u003e#4645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003efix_fmt_skip_in_one_liners\u003c/code\u003e preview feature to respect \u003ccode\u003e# fmt: skip\u003c/code\u003e for compound\nstatements with semicolon-separated bodies (\u003ca href=\"https://redirect.github.com/psf/black/issues/4800\"\u003e#4800\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eno_cache\u003c/code\u003e option to control caching behavior. (\u003ca href=\"https://redirect.github.com/psf/black/issues/4803\"\u003e#4803\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReleases now include arm64 Linux binaries (\u003ca href=\"https://redirect.github.com/psf/black/issues/4773\"\u003e#4773\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eWrite unchanged content to stdout when excluding formatting from stdin using pipes\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4610\"\u003e#4610\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplemented BlackDClient. This simple python client allows to easily send formatting\nrequests to blackd (\u003ca href=\"https://redirect.github.com/psf/black/issues/4774\"\u003e#4774\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eIntegrations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable 3.14 base CI (\u003ca href=\"https://redirect.github.com/psf/black/issues/4804\"\u003e#4804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnhance GitHub Action \u003ccode\u003epsf/black\u003c/code\u003e to support the \u003ccode\u003erequired-version\u003c/code\u003e major-version-only\n\u0026quot;stability\u0026quot; format when using pyproject.toml (\u003ca href=\"https://redirect.github.com/psf/black/issues/4770\"\u003e#4770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for vim plugin users. It now handles independently vim version\u003c/li\u003e\n\u003cli\u003eVim: Warn on unsupported Vim and Python versions independently (\u003ca href=\"https://redirect.github.com/psf/black/issues/4772\"\u003e#4772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVim: Print the import paths when importing black fails (\u003ca href=\"https://redirect.github.com/psf/black/issues/4675\"\u003e#4675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVim: Fix handling of virtualenvs that have a different Python version (\u003ca href=\"https://redirect.github.com/psf/black/issues/4675\"\u003e#4675\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e25.11.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable base 3.14 support (\u003ca href=\"https://redirect.github.com/psf/black/issues/4804\"\u003e#4804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for the new Python 3.14 t-string syntax introduced by PEP 750 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4805\"\u003e#4805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where comments between \u003ccode\u003e# fmt: off\u003c/code\u003e and \u003ccode\u003e# fmt: on\u003c/code\u003e were reformatted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4811\"\u003e#4811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eComments containing fmt directives now preserve their exact formatting instead of\nbeing normalized (\u003ca href=\"https://redirect.github.com/psf/black/issues/4811\"\u003e#4811\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove \u003ccode\u003emultiline_string_handling\u003c/code\u003e from \u003ccode\u003e--unstable\u003c/code\u003e to \u003ccode\u003e--preview\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4760\"\u003e#4760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix bug where module docstrings would be treated as normal strings if preceded by\ncomments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4764\"\u003e#4764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix bug where python 3.12 generics syntax split line happens weirdly (\u003ca href=\"https://redirect.github.com/psf/black/issues/4777\"\u003e#4777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStandardize type comments to form \u003ccode\u003e# type: \u0026lt;value\u0026gt;\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4645\"\u003e#4645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003efix_fmt_skip_in_one_liners\u003c/code\u003e preview feature to respect \u003ccode\u003e# fmt: skip\u003c/code\u003e for compound\nstatements with semicolon-separated bodies (\u003ca href=\"https://redirect.github.com/psf/black/issues/4800\"\u003e#4800\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eno_cache\u003c/code\u003e option to control caching behavior. (\u003ca href=\"https://redirect.github.com/psf/black/issues/4803\"\u003e#4803\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReleases now include arm64 Linux binaries (\u003ca href=\"https://redirect.github.com/psf/black/issues/4773\"\u003e#4773\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eWrite unchanged content to stdout when excluding formatting from stdin using pipes\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4610\"\u003e#4610\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplemented BlackDClient. This simple python client allows to easily send formatting\nrequests to blackd (\u003ca href=\"https://redirect.github.com/psf/black/issues/4774\"\u003e#4774\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eIntegrations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable 3.14 base CI (\u003ca href=\"https://redirect.github.com/psf/black/issues/4804\"\u003e#4804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnhance GitHub Action \u003ccode\u003epsf/black\u003c/code\u003e to support the \u003ccode\u003erequired-version\u003c/code\u003e major-version-only\n\u0026quot;stability\u0026quot; format when using pyproject.toml (\u003ca href=\"https://redirect.github.com/psf/black/issues/4770\"\u003e#4770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for vim plugin users. It now handles independently vim version\u003c/li\u003e\n\u003cli\u003eVim: Warn on unsupported Vim and Python versions independently (\u003ca href=\"https://redirect.github.com/psf/black/issues/4772\"\u003e#4772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVim: Print the import paths when importing black fails (\u003ca href=\"https://redirect.github.com/psf/black/issues/4675\"\u003e#4675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVim: Fix handling of virtualenvs that have a different Python version (\u003ca href=\"https://redirect.github.com/psf/black/issues/4675\"\u003e#4675\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/05f0a8ce1f71fbb36e1e032d3b518c7b945089a2\"\u003e\u003ccode\u003e05f0a8c\u003c/code\u003e\u003c/a\u003e Prepare for 25.11.0 release (\u003ca href=\"https://redirect.github.com/psf/black/issues/4825\"\u003e#4825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/ae17c61310e44401ca55d17a9c01db1dc03940a6\"\u003e\u003ccode\u003eae17c61\u003c/code\u003e\u003c/a\u003e Fix tests on pytest 9 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4835\"\u003e#4835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/138745eca650aa59ab30458f7b1c026b66608a09\"\u003e\u003ccode\u003e138745e\u003c/code\u003e\u003c/a\u003e Include Windows and Python 3.14 in PR wheel build matrix, fix Windows build (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/18170d6d8d9bdde97d4cd3568cfa8be434a09ff3\"\u003e\u003ccode\u003e18170d6\u003c/code\u003e\u003c/a\u003e ci: add label for running all builds on a pull request (\u003ca href=\"https://redirect.github.com/psf/black/issues/4833\"\u003e#4833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0e793e3d7e0d12dbda1573fa1bb785b1f066ee7c\"\u003e\u003ccode\u003e0e793e3\u003c/code\u003e\u003c/a\u003e fix windows wheels (\u003ca href=\"https://redirect.github.com/psf/black/issues/4830\"\u003e#4830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/b71f36c9fda07930c83e22681e0ec08ddf5a3980\"\u003e\u003ccode\u003eb71f36c\u003c/code\u003e\u003c/a\u003e Use build[uv] as cibuildwheel frontend (\u003ca href=\"https://redirect.github.com/psf/black/issues/4831\"\u003e#4831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/a7bd594493bb5cb703beee877a2df40556b0baaa\"\u003e\u003ccode\u003ea7bd594\u003c/code\u003e\u003c/a\u003e Skip free threaded builds in cibuildwheel (\u003ca href=\"https://redirect.github.com/psf/black/issues/4829\"\u003e#4829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/862dee91fa1259ca2bc00f10538b52a4959bdbe8\"\u003e\u003ccode\u003e862dee9\u003c/code\u003e\u003c/a\u003e Update cibuildwheel (\u003ca href=\"https://redirect.github.com/psf/black/issues/4828\"\u003e#4828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/b5f354c56627640e0b853af51a51d9262bafa9f0\"\u003e\u003ccode\u003eb5f354c\u003c/code\u003e\u003c/a\u003e build: restrict to pytest 9.0 due to breakage in custom pytest_configure (\u003ca href=\"https://redirect.github.com/psf/black/issues/4827\"\u003e#4827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/f705197f57149b79ed83cccf22e4fed19b48a7bf\"\u003e\u003ccode\u003ef705197\u003c/code\u003e\u003c/a\u003e t-string support (\u003ca href=\"https://redirect.github.com/psf/black/issues/4805\"\u003e#4805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/25.1.0...25.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2025.7.14 to 2026.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c64d9f3a8496c0195548697f2080e716af66dd6a\"\u003e\u003ccode\u003ec64d9f3\u003c/code\u003e\u003c/a\u003e 2026.01.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/389\"\u003e#389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4ac232f05a547071543d2fb069aa3c62b1dc79f3\"\u003e\u003ccode\u003e4ac232f\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/387\"\u003e#387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/95ae4b20e8abb7fa708e751e346466d16b36211a\"\u003e\u003ccode\u003e95ae4b2\u003c/code\u003e\u003c/a\u003e Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/386\"\u003e#386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/b72a7b1a40ae20755338d3132d8f880427b3b6fc\"\u003e\u003ccode\u003eb72a7b1\u003c/code\u003e\u003c/a\u003e Bump dessant/lock-threads from 5.0.1 to 6.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/385\"\u003e#385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/ecc267216fbdcecb1b2aa2aa175152b773cc5ced\"\u003e\u003ccode\u003eecc2672\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/384\"\u003e#384\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/6a897dbc1124b17f179ef225742fcda481ec96f3\"\u003e\u003ccode\u003e6a897db\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/383\"\u003e#383\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/27ca98ad845ee6d130a88301622c137893f71620\"\u003e\u003ccode\u003e27ca98a\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/381\"\u003e#381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/56c59a63909cfd3162b37e7bc16956e64df0f737\"\u003e\u003ccode\u003e56c59a6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.0 to 6.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/382\"\u003e#382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/ae0021cd43a77bfba67d20a041469cdf6996570e\"\u003e\u003ccode\u003eae0021c\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 6.0.0 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/ddf5d0b5d2a3d55fd92a79f141dbb5e074caf924\"\u003e\u003ccode\u003eddf5d0b\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5.0.1 to 6.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/378\"\u003e#378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2025.07.14...2026.01.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `colorful` from 0.5.7 to 0.5.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/timofurrer/colorful/releases\"\u003ecolorful's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMini cleanup by \u003ca href=\"https://github.com/fliiiix\"\u003e\u003ccode\u003e@​fliiiix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timofurrer/colorful/pull/59\"\u003etimofurrer/colorful#59\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/timofurrer/colorful/compare/v0.5.7...v0.5.8\"\u003ehttps://github.com/timofurrer/colorful/compare/v0.5.7...v0.5.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/timofurrer/colorful/blob/master/CHANGELOG.md\"\u003ecolorful's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v0.5.8]\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTest Python 3.14 support\u003c/li\u003e\n\u003cli\u003eDrop Python 2 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/3d5cbc6ef52255455e103dd6dd7cb2ce8b5ea91a\"\u003e\u003ccode\u003e3d5cbc6\u003c/code\u003e\u003c/a\u003e release: v0.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/48890f8f1b60a5668f7bcc5df769559c54121c25\"\u003e\u003ccode\u003e48890f8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timofurrer/colorful/issues/59\"\u003e#59\u003c/a\u003e from timofurrer/chore/cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/4d72903ba1c8e4e98870a03b2e626870ca2640f4\"\u003e\u003ccode\u003e4d72903\u003c/code\u003e\u003c/a\u003e Add Python 3.14 support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/89ee187095fc230c63a5c88537a37e6b6280910a\"\u003e\u003ccode\u003e89ee187\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/cd5e0ac06cb765d4ea0b8b5fe4a770530935400a\"\u003e\u003ccode\u003ecd5e0ac\u003c/code\u003e\u003c/a\u003e Run pyupgrade to migrate away from Python 2 code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/64655aab5e8012f13e1cc1ad6d9d0e315c900212\"\u003e\u003ccode\u003e64655aa\u003c/code\u003e\u003c/a\u003e Inherit from class is a Python 2 thing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/47ee2f6bda3ef915c4b0eb09cce7a628a6897731\"\u003e\u003ccode\u003e47ee2f6\u003c/code\u003e\u003c/a\u003e Drop encoding hint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/842803ebbf14a652cd2a1d11ef5cce18c25b068f\"\u003e\u003ccode\u003e842803e\u003c/code\u003e\u003c/a\u003e Cleanup comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/timofurrer/colorful/compare/v0.5.7...v0.5.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `exceptiongroup` from 1.3.0 to 1.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/exceptiongroup/releases\"\u003eexceptiongroup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAttributeError: 'TracebackException' object has no attribute 'exceptions'\u003c/code\u003e when formatting unpickled TBEs from another Python process which did not apply the \u003ccode\u003eexceptiongroup\u003c/code\u003e patches (\u003ca href=\"https://redirect.github.com/agronholm/exceptiongroup/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/exceptiongroup/blob/main/CHANGES.rst\"\u003eexceptiongroup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eVersion history\u003c/h1\u003e\n\u003cp\u003eThis library adheres to \u003ccode\u003eSemantic Versioning 2.0 \u0026lt;http://semver.org/\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.1\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAttributeError: 'TracebackException' object has no attribute 'exceptions'\u003c/code\u003e\nwhen formatting unpickled TBEs from another Python process which did not apply the\n\u003ccode\u003eexceptiongroup\u003c/code\u003e patches\n(\u003ccode\u003e[#144](https://github.com/agronholm/exceptiongroup/issues/144) \u0026lt;https://github.com/agronholm/exceptiongroup/issues/144\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.0\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e**kwargs\u003c/code\u003e to function and method signatures as appropriate to match the\nsignatures in the standard library\u003c/li\u003e\n\u003cli\u003eIn line with the stdlib typings in typeshed, updated \u003ccode\u003e(Base)ExceptionGroup\u003c/code\u003e generic\ntypes to define defaults for their generic arguments (defaulting to\n\u003ccode\u003eBaseExceptionGroup[BaseException]\u003c/code\u003e and \u003ccode\u003eExceptionGroup[Exception]\u003c/code\u003e)\n(PR by \u003ca href=\"https://github.com/mikenerone\"\u003e\u003ccode\u003e@​mikenerone\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eBaseExceptionGroup.__init__()\u003c/code\u003e to directly call\n\u003ccode\u003eBaseException.__init__()\u003c/code\u003e instead of the superclass \u003ccode\u003e__init__()\u003c/code\u003e in order to\nemulate the CPython behavior (broken or not) (PR by \u003ca href=\"https://github.com/cfbolz\"\u003e\u003ccode\u003e@​cfbolz\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged the \u003ccode\u003eexceptions\u003c/code\u003e attribute to always return the same tuple of exceptions,\ncreated from the original exceptions sequence passed to \u003ccode\u003eBaseExceptionGroup\u003c/code\u003e to\nmatch CPython behavior\n(\u003ccode\u003e[#143](https://github.com/agronholm/exceptiongroup/issues/143) \u0026lt;https://github.com/agronholm/exceptiongroup/issues/143\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e1.2.2\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved an \u003ccode\u003eassert\u003c/code\u003e in \u003ccode\u003eexceptiongroup._formatting\u003c/code\u003e that caused compatibility\nissues with Sentry (\u003ccode\u003e[#123](https://github.com/agronholm/exceptiongroup/issues/123) \u0026lt;https://github.com/agronholm/exceptiongroup/issues/123\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e1.2.1\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated the copying of \u003ccode\u003e__notes__\u003c/code\u003e to match CPython behavior (PR by CF Bolz-Tereick)\u003c/li\u003e\n\u003cli\u003eCorrected the type annotation of the exception handler callback to accept a\n\u003ccode\u003eBaseExceptionGroup\u003c/code\u003e instead of \u003ccode\u003eBaseException\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed type errors on Python \u0026lt; 3.10 and the type annotation of \u003ccode\u003esuppress()\u003c/code\u003e\n(PR by John Litborn)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e1.2.0\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded special monkeypatching if \u003ccode\u003eApport \u0026lt;https://github.com/canonical/apport\u0026gt;\u003c/code\u003e_ has\noverridden \u003ccode\u003esys.excepthook\u003c/code\u003e so it will format exception groups correctly\n(PR by John Litborn)\u003c/li\u003e\n\u003cli\u003eAdded a backport of \u003ccode\u003econtextlib.suppress()\u003c/code\u003e from Python 3.12.1 which also handles\nsuppressing exceptions inside exception groups\u003c/li\u003e\n\u003cli\u003eFixed bare \u003ccode\u003eraise\u003c/code\u003e in a handler reraising the original naked exception rather than\nan exception group which is what is raised when you do a \u003ccode\u003eraise\u003c/code\u003e in an \u003ccode\u003eexcept*\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/ddddb6fdf8582c4ae5187dc1bd258115974229fe\"\u003e\u003ccode\u003eddddb6f\u003c/code\u003e\u003c/a\u003e Added the release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/49c5e60d9efad1416f4f42455e119375904a1d6d\"\u003e\u003ccode\u003e49c5e60\u003c/code\u003e\u003c/a\u003e Fixed AttributeError when formatting unpickled TBEs from an unpatched process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/1be517f553249822a8fa12a4d7520d4b3ef15acd\"\u003e\u003ccode\u003e1be517f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/exceptiongroup/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/af0ea2fdfe218a4c2a1cb31ebd1a61dba459af6f\"\u003e\u003ccode\u003eaf0ea2f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/exceptiongroup/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/7c980a88a06a72db3d796d98504b335d24274abb\"\u003e\u003ccode\u003e7c980a8\u003c/code\u003e\u003c/a\u003e Removed pin on pyright version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/ef853368c8b94479adbd33cc58f1cac05839e116\"\u003e\u003ccode\u003eef85336\u003c/code\u003e\u003c/a\u003e Fixed typing job not finding Python 3.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/080b3f4e925bbdb8cee70cc30c5ef2937eab2bde\"\u003e\u003ccode\u003e080b3f4\u003c/code\u003e\u003c/a\u003e Pinned pyright version to fix typeshed related failure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/ac660908a1987880eddbb249947c1eef6e08513b\"\u003e\u003ccode\u003eac66090\u003c/code\u003e\u003c/a\u003e Added Python 3.14 to the test matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/a0da94dadfb39c0b52c0cd5c87ace166b00f74c1\"\u003e\u003ccode\u003ea0da94d\u003c/code\u003e\u003c/a\u003e Fixed test failures on Python 3.14\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/agronholm/exceptiongroup/compare/1.3.0...1.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.2.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.11\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.11 (2025-10-12)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14, lowest supported version is Python 3.8.\u003c/li\u003e\n\u003cli\u003eVarious updates to packaging, including PEP 740 support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/ad949ee3052c2265c66e3df2dd8871a5832ba327\"\u003e\u003ccode\u003ead949ee\u003c/code\u003e\u003c/a\u003e Release v3.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/cae4ba779e0a543823894bd4136651c187944da8\"\u003e\u003ccode\u003ecae4ba7\u003c/code\u003e\u003c/a\u003e Second release candidate for 3.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/8adb305165c77c4a45d1568a70ead75d2197692c\"\u003e\u003ccode\u003e8adb305\u003c/code\u003e\u003c/a\u003e Add space in RST link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/74cb2b652bb06133b0c4ab52cc98221be63162cf\"\u003e\u003ccode\u003e74cb2b6\u003c/code\u003e\u003c/a\u003e Release candidate for 3.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05dab09fdde5bbf7d52f757c4dc62e0ba934cca8\"\u003e\u003ccode\u003e05dab09\u003c/code\u003e\u003c/a\u003e Format idna-data with ruff\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/90eac78b737d26613776b490432fc6d926b15c55\"\u003e\u003ccode\u003e90eac78\u003c/code\u003e\u003c/a\u003e Apply ruff formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a31ce7ecc0b767e40abb5ce28744ac567b73f366\"\u003e\u003ccode\u003ea31ce7e\u003c/code\u003e\u003c/a\u003e Remove errant test vectors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/81f03334211c78c1832991ce70ebafb3cbfbb79c\"\u003e\u003ccode\u003e81f0333\u003c/code\u003e\u003c/a\u003e Omit vectors known to be broken in test suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a0f32578c0cac28c7ffbb4c860c92eb2b9b579bd\"\u003e\u003ccode\u003ea0f3257\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into unicode-16-uts46-changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/38d98860e6a1ab92fd35ab09ea4739feabf339a3\"\u003e\u003ccode\u003e38d9886\u003c/code\u003e\u003c/a\u003e Remove extra UTS46 test vector\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.11\"\u003ecompare view\u003c/...\n\n_Description has been truncated_","html_url":"https://github.com/greenbone/notus-scanner/pull/700","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fnotus-scanner/issues/700","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/700/packages"}],"issue_packages":[{"old_version":"4.2.0","new_version":"4.3.0","update_type":"minor","path":"/apps/server","pr_created_at":"2026-05-28T06:08:16.000Z","version_change":"4.2.0 → 4.3.0","issue":{"uuid":"4538130453","node_id":"PR_kwDOSjgTwM7gHWTi","number":25,"state":"closed","title":"chore(deps): bump h2 from 4.2.0 to 4.3.0 in /apps/server","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T06:11:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T06:08:16.000Z","updated_at":"2026-05-28T06:11:43.000Z","time_to_close":204,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":"/apps/server","ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.2.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=pip\u0026previous-version=4.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/tenggouwa/Tenggouwa-site/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenggouwa%2FTenggouwa-site/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"}},{"old_version":"3.2.0","new_version":"4.3.0","update_type":"major","path":null,"pr_created_at":"2026-05-19T09:33:39.000Z","version_change":"3.2.0 → 4.3.0","issue":{"uuid":"4476203524","node_id":"PR_kwDOEQn6qs7dAaGc","number":13,"state":"closed","title":"Bump h2 from 3.2.0 to 4.3.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":true,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T09:33:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T09:33:39.000Z","updated_at":"2026-05-19T09:33:53.000Z","time_to_close":12,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"h2","old_version":"3.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 3.2.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 (2021-10-05)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e The GitHub repository has been renamed to \u003ccode\u003epython-hyper/h2\u003c/code\u003e, previously\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v3.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=pip\u0026previous-version=3.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/illixion/S-scrape/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/illixion/S-scrape/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/illixion%2FS-scrape/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"4.1.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-12T02:18:37.000Z","version_change":"4.1.0 → 4.3.0","issue":{"uuid":"4425683503","node_id":"PR_kwDOOBPvtM7afuC2","number":22,"state":"open","title":"Bump the pip group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T02:18:37.000Z","updated_at":"2026-05-12T02:18:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":10,"packages":[{"name":"urllib3","old_version":"2.2.1","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"black","old_version":"24.3.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"idna","old_version":"3.6","new_version":"3.7","repository_url":"https://github.com/kjd/idna"},{"name":"pytest","old_version":"7.4.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"python-multipart","old_version":"0.0.6","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"certifi","old_version":"2024.2.2","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"jinja2","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 10 updates in the /packages/sdk/python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.1` | `2.7.0` |\n| [black](https://github.com/psf/black) | `24.3.0` | `26.3.1` |\n| [idna](https://github.com/kjd/idna) | `3.6` | `3.7` |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.6` | `0.0.27` |\n| [certifi](https://github.com/certifi/python-certifi) | `2024.2.2` | `2024.7.4` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.3` | `3.1.6` |\n\n\nUpdates `urllib3` from 2.2.1 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.2.1...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 24.3.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/24.3.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.6 to 3.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ehttps://github.com/kjd/idna/compare/v3.6...v3.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.7 (2024-04-11)\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could\ntake exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d\"\u003e\u003ccode\u003e1d365e1\u003c/code\u003e\u003c/a\u003e Release v3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6\"\u003e\u003ccode\u003ec1b3154\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/172\"\u003e#172\u003c/a\u003e from kjd/optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623\"\u003e\u003ccode\u003e0394ec7\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966\"\u003e\u003ccode\u003ecd58a23\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/152\"\u003e#152\u003c/a\u003e from elliotwutingfeng/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7\"\u003e\u003ccode\u003e5beb28b\u003c/code\u003e\u003c/a\u003e More efficient resolution of joiner contexts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b\"\u003e\u003ccode\u003e1b12148\u003c/code\u003e\u003c/a\u003e Update ossf/scorecard-action to v2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067\"\u003e\u003ccode\u003ed516b87\u003c/code\u003e\u003c/a\u003e Update Github actions/checkout to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7\"\u003e\u003ccode\u003ec095c75\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98\"\u003e\u003ccode\u003e60a0a4c\u003c/code\u003e\u003c/a\u003e Fix typo in GitHub Actions workflow key\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201\"\u003e\u003ccode\u003e5918a0e\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.6 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.22 (2026-01-25)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.21 (2025-12-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003e#216\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.20 (2024-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003e#142\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.19 (2024-11-30)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.18 (2024-11-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003e#189\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.6...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2024.2.2 to 2024.7.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463\"\u003e\u003ccode\u003ebd81538\u003c/code\u003e\u003c/a\u003e 2024.07.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3\"\u003e\u003ccode\u003e06a2cbf\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23\"\u003e\u003ccode\u003e13bba02\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554\"\u003e\u003ccode\u003ee8abcd0\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1\"\u003e\u003ccode\u003e124f4ad\u003c/code\u003e\u003c/a\u003e 2024.06.02 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a\"\u003e\u003ccode\u003ec2196ce\u003c/code\u003e\u003c/a\u003e --- (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2\"\u003e\u003ccode\u003efefdeec\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.4 to 4.1.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf\"\u003e\u003ccode\u003e3c5fb15\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1\"\u003e\u003ccode\u003e4a9569a\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.2 to 4.1.4 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3\"\u003e\u003ccode\u003e1fc8086\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2024.02.02...2024.07.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.3 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3....\n\n_Description has been truncated_","html_url":"https://github.com/arthrod/agent-protocol/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthrod%2Fagent-protocol/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"}},{"old_version":"4.1.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-07T08:09:47.000Z","version_change":"4.1.0 → 4.3.0","issue":{"uuid":"4397170967","node_id":"PR_kwDOSGm4ss7ZD3s4","number":9,"state":"closed","title":"chore(deps): bump the pip group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-07T08:30:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-07T08:09:47.000Z","updated_at":"2026-05-07T22:13:51.000Z","time_to_close":1232,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":4,"packages":[{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"langchain-community","old_version":"0.2.10","new_version":"0.3.27","repository_url":"https://github.com/langchain-ai/langchain-community"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"0.37.2","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 4 updates in the /plugins directory: [h2](https://github.com/python-hyper/h2), [langchain-community](https://github.com/langchain-ai/langchain-community), [python-multipart](https://github.com/Kludex/python-multipart) and [starlette](https://github.com/Kludex/starlette).\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-community` from 0.2.10 to 0.3.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain-community/releases\"\u003elangchain-community's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elibs/community/v0.3.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecommunity[patch]: verify ssl by default in RecursiveUrlLoader by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/136\"\u003elangchain-ai/langchain-community#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Change JSON loader to be able to handle UTF-8-BOM files by \u003ca href=\"https://github.com/witlat\"\u003e\u003ccode\u003e@​witlat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/138\"\u003elangchain-ai/langchain-community#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWriteFileTool should create not existent parent dirs in file_path by \u003ca href=\"https://github.com/vria\"\u003e\u003ccode\u003e@​vria\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/132\"\u003elangchain-ai/langchain-community#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:zap: fix: update OpenAI model cost values for accuracy by \u003ca href=\"https://github.com/tdahar\"\u003e\u003ccode\u003e@​tdahar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/142\"\u003elangchain-ai/langchain-community#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: Prevent XXE in evernote loader by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/139\"\u003elangchain-ai/langchain-community#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease 0.3.27 by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/143\"\u003elangchain-ai/langchain-community#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/witlat\"\u003e\u003ccode\u003e@​witlat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/138\"\u003elangchain-ai/langchain-community#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vria\"\u003e\u003ccode\u003e@​vria\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/132\"\u003elangchain-ai/langchain-community#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdahar\"\u003e\u003ccode\u003e@​tdahar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/142\"\u003elangchain-ai/langchain-community#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.26...libs/community/v0.3.27\"\u003ehttps://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.26...libs/community/v0.3.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003elibs/community/v0.3.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[USearch]: Intializations of ids in case self.ids is None by \u003ca href=\"https://github.com/keenborder786\"\u003e\u003ccode\u003e@​keenborder786\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/99\"\u003elangchain-ai/langchain-community#99\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: drop langsmith upper bound and release 0.3.26 by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/127\"\u003elangchain-ai/langchain-community#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/keenborder786\"\u003e\u003ccode\u003e@​keenborder786\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/99\"\u003elangchain-ai/langchain-community#99\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.25...libs/community/v0.3.26\"\u003ehttps://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.25...libs/community/v0.3.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003elibs/community/v0.3.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: replace invalid scenexplain algorithm by \u003ca href=\"https://github.com/MichaelLi65535\"\u003e\u003ccode\u003e@​MichaelLi65535\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/59\"\u003elangchain-ai/langchain-community#59\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003einfra: specify pyopenssl in extended test deps by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/80\"\u003elangchain-ai/langchain-community#80\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: deprecate Tavily tools in favor of langchain-tavily implementation by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/79\"\u003elangchain-ai/langchain-community#79\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecating hugging face implementation in langchain_community by \u003ca href=\"https://github.com/CtrlMj\"\u003e\u003ccode\u003e@​CtrlMj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/73\"\u003elangchain-ai/langchain-community#73\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003evectorstores[azure_search]: fix regression in 0.3.24  by \u003ca href=\"https://github.com/marcgibbons\"\u003e\u003ccode\u003e@​marcgibbons\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/77\"\u003elangchain-ai/langchain-community#77\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity: Add cost data for aws bedrock claude 4 series models by \u003ca href=\"https://github.com/AsifMehmood97\"\u003e\u003ccode\u003e@​AsifMehmood97\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/83\"\u003elangchain-ai/langchain-community#83\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove no-untyped-def escapes by \u003ca href=\"https://github.com/cbornet\"\u003e\u003ccode\u003e@​cbornet\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/17\"\u003elangchain-ai/langchain-community#17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add search endpoint for Firecrawl Integration by \u003ca href=\"https://github.com/ftonato\"\u003e\u003ccode\u003e@​ftonato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/87\"\u003elangchain-ai/langchain-community#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: ssl verification should be enabled by default everywhere by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/75\"\u003elangchain-ai/langchain-community#75\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle image of size 0 bytes in PyPDFParser by \u003ca href=\"https://github.com/soucosmo\"\u003e\u003ccode\u003e@​soucosmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/84\"\u003elangchain-ai/langchain-community#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add depandabot config by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/90\"\u003elangchain-ai/langchain-community#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHarden Azure ML url validation by \u003ca href=\"https://github.com/tonybaloney\"\u003e\u003ccode\u003e@​tonybaloney\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/88\"\u003elangchain-ai/langchain-community#88\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update readme by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/95\"\u003elangchain-ai/langchain-community#95\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epatch: sanitize file extension in HuggingFaceTextToSpeechModelInference by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/101\"\u003elangchain-ai/langchain-community#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: telegram multiformat by \u003ca href=\"https://github.com/jerryyf\"\u003e\u003ccode\u003e@​jerryyf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/89\"\u003elangchain-ai/langchain-community#89\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity: release 0.3.25 by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/86\"\u003elangchain-ai/langchain-community#86\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaelLi65535\"\u003e\u003ccode\u003e@​MichaelLi65535\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/59\"\u003elangchain-ai/langchain-community#59\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CtrlMj\"\u003e\u003ccode\u003e@​CtrlMj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/73\"\u003elangchain-ai/langchain-community#73\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcgibbons\"\u003e\u003ccode\u003e@​marcgibbons\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/77\"\u003elangchain-ai/langchain-community#77\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cbornet\"\u003e\u003ccode\u003e@​cbornet\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/17\"\u003elangchain-ai/langchain-community#17\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/langchain-ai/langchain-community/commits/libs/community/v0.3.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 0.37.2 to 0.49.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.49.0...0.49.1\"\u003ehttps://github.com/Kludex/starlette/compare/0.49.0...0.49.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TheWesDias\"\u003e\u003ccode\u003e@​TheWesDias\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3017\"\u003eKludex/starlette#3017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gmos2104\"\u003e\u003ccode\u003e@​gmos2104\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003eKludex/starlette#3027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/secrett2633\"\u003e\u003ccode\u003e@​secrett2633\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003eKludex/starlette#2996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adam-sikora\"\u003e\u003ccode\u003e@​adam-sikora\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003eKludex/starlette#2976\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yakimka\"\u003e\u003ccode\u003e@​yakimka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2943\"\u003eKludex/starlette#2943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbeijen\"\u003e\u003ccode\u003e@​mbeijen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003eKludex/starlette#2939\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.47.3...0.48.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.47.3...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.1 (October 28, 2025)\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.49.0 (October 28, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (September 13, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.3 (August 24, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003easyncio.iscoroutinefunction\u003c/code\u003e for Python 3.12 and older \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2984\"\u003e#2984\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.2 (July 20, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003eUploadFile\u003c/code\u003e check for future rollover \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2962\"\u003e#2962\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.1 (June 21, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eSelf\u003c/code\u003e in \u003ccode\u003eTestClient.__enter__\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2951\"\u003e#2951\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAllow async exception handlers to type-check \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2949\"\u003e#2949\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee\"\u003e\u003ccode\u003e7e4b742\u003c/code\u003e\u003c/a\u003e Version 0.49.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e\u003ccode\u003e4ea6e22\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee\"\u003e\u003ccode\u003e7d88ea6\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3046\"\u003e#3046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e\"\u003e\u003ccode\u003e26d66bb\u003c/code\u003e\u003c/a\u003e Do not pollute exception context in Middleware (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2976\"\u003e#2976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5\"\u003e\u003ccode\u003ea59397d\u003c/code\u003e\u003c/a\u003e Set encodings when reading config files (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2996\"\u003e#2996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372\"\u003e\u003ccode\u003e3b7f0cb\u003c/code\u003e\u003c/a\u003e test: add test for unknown status (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3035\"\u003e#3035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd\"\u003e\u003ccode\u003eb09ce1a\u003c/code\u003e\u003c/a\u003e docs: fix legibility issues on sponsorship page (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3039\"\u003e#3039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b\"\u003e\u003ccode\u003e0f0edcf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Add Marcelo Trylesinski to the license (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3025\"\u003e#3025\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8\"\u003e\u003ccode\u003e3912d63\u003c/code\u003e\u003c/a\u003e docs: add social icons (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3038\"\u003e#3038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad\"\u003e\u003ccode\u003e4915a93\u003c/code\u003e\u003c/a\u003e Add discord to README/docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/0.37.2...0.49.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Drbambi7/omi/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Drbambi7/omi/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Drbambi7%2Fomi/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"4.2.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-16T02:33:05.000Z","version_change":"4.2.0 → 4.3.0","issue":{"uuid":"4272870979","node_id":"PR_kwDOQYh2Ys7S1ayD","number":5,"state":"closed","title":"build(deps): bump the uv group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-17T00:49:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-16T02:33:05.000Z","updated_at":"2026-04-17T00:49:50.000Z","time_to_close":80203,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":12,"packages":[{"name":"langgraph","old_version":"1.0.1","new_version":"1.0.10rc1","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"pip","old_version":"25.2","new_version":"26.0","repository_url":"https://github.com/pypa/pip"},{"name":"cryptography","old_version":"45.0.3","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"langgraph-checkpoint","old_version":"2.1.2","new_version":"4.0.0","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"langsmith","old_version":"0.4.40","new_version":"0.7.31","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"protobuf","old_version":"6.31.1","new_version":"6.33.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.46.2","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 10 updates in the /lib directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.0.1` | `1.0.10rc1` |\n| [pip](https://github.com/pypa/pip) | `25.2` | `26.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `45.0.3` | `46.0.7` |\n| [h2](https://github.com/python-hyper/h2) | `4.2.0` | `4.3.0` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.1.2` | `4.0.0` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.40` | `0.7.31` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.31.1` | `6.33.5` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [starlette](https://github.com/Kludex/starlette) | `0.46.2` | `0.49.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |\n\n\nUpdates `langgraph` from 1.0.1 to 1.0.10rc1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph==1.0.10rc1\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.9\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMerge commit from fork\u003c/li\u003e\n\u003cli\u003echore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments  (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6864\"\u003e#6864\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003emake type\u003c/code\u003e target for type checking (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6748\"\u003e#6748\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.0.9\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.8\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: langgraph + prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6875\"\u003e#6875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: sequential interrupt handling w/ functional API (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6863\"\u003e#6863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: state_updated_at sort by (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6857\"\u003e#6857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: conformance testing (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6842\"\u003e#6842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6815\"\u003e#6815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6833\"\u003e#6833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6837\"\u003e#6837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6832\"\u003e#6832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: server runtime type (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6774\"\u003e#6774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor: replace bare except with BaseException in AsyncQueue (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6765\"\u003e#6765\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-prebuilt==1.0.9\u003c/h2\u003e\n\u003cp\u003eChanges since prebuilt==1.0.8\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: prebuilt 1.0.9 and langgraph 1.1.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7401\"\u003e#7401\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: enhance runtime w/ more execution information (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7363\"\u003e#7363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: tool node injection bug (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7391\"\u003e#7391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7356\"\u003e#7356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump pygments from 2.19.2 to 2.20.0 in /libs/prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7354\"\u003e#7354\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langchain-core from 1.2.20 to 1.2.22 in /libs/prebuilt in the minor-and-patch group (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7289\"\u003e#7289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump requests from 2.32.5 to 2.33.0 in /libs/prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7281\"\u003e#7281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/prebuilt with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7247\"\u003e#7247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(checkpoint-postgres): 3.0.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7221\"\u003e#7221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.1.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7215\"\u003e#7215\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/sdk-py with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7197\"\u003e#7197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/prebuilt with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump orjson from 3.11.5 to 3.11.6 in /libs/prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7145\"\u003e#7145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7135\"\u003e#7135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7120\"\u003e#7120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7102\"\u003e#7102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7072\"\u003e#7072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group across 1 directory with 4 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7073\"\u003e#7073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph) 1.0.10 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6967\"\u003e#6967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(checkpoint):  0.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6966\"\u003e#6966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add serde events (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6954\"\u003e#6954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update defaults (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6953\"\u003e#6953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: rc2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6949\"\u003e#6949\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a04ec5d6f00fa6583b2d98dfe789da741204b767\"\u003e\u003ccode\u003ea04ec5d\u003c/code\u003e\u003c/a\u003e release: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/50df7d423abebcb5a192f0a59c2952c68cb0df8c\"\u003e\u003ccode\u003e50df7d4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/c4a4a4647343d802d0ab909439806076bae15bd6\"\u003e\u003ccode\u003ec4a4a46\u003c/code\u003e\u003c/a\u003e chore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f178eb821e52906e1705c9cc02533bb88854b409\"\u003e\u003ccode\u003ef178eb8\u003c/code\u003e\u003c/a\u003e fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/48167d7fec9c25228426c92ba83d8650b77de0f3\"\u003e\u003ccode\u003e48167d7\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6920\"\u003e#6920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/806878a421458e99f9882e666ff35a41ad1bb561\"\u003e\u003ccode\u003e806878a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8087e6a42c62c2049a5fb3f99372a8c601d07e08\"\u003e\u003ccode\u003e8087e6a\u003c/code\u003e\u003c/a\u003e docs(sdk-py): update auth docstrings to default-deny pattern (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6933\"\u003e#6933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8fbdb144876ec9ca75943c7addb452a2bb634304\"\u003e\u003ccode\u003e8fbdb14\u003c/code\u003e\u003c/a\u003e release(sdk-py): 0.3.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6932\"\u003e#6932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/5093802f319119be674c02269f9874df04558419\"\u003e\u003ccode\u003e5093802\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/b89ef60b91e019c3cb4422af1e3cc216804ccb20\"\u003e\u003ccode\u003eb89ef60\u003c/code\u003e\u003c/a\u003e feat(sdk-py): add extract parameter to threads.search() (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6880\"\u003e#6880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/1.0.1...1.0.10rc1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 25.2 to 26.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.0 (2026-01-30)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for non-bare project names in egg fragments. Affected users should use\nthe \u003ccode\u003eDirect URL requirement syntax \u0026lt;https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references\u0026gt;\u003c/code\u003e\u003cem\u003e. (\u003ccode\u003e[#13157](https://github.com/pypa/pip/issues/13157) \u0026lt;https://github.com/pypa/pip/issues/13157\u0026gt;\u003c/code\u003e\u003c/em\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisplay pip's command-line help in colour, if possible. (\u003ccode\u003e[#12134](https://github.com/pypa/pip/issues/12134) \u0026lt;https://github.com/pypa/pip/issues/12134\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport installing dependencies declared with inline script metadata\n(:pep:\u003ccode\u003e723\u003c/code\u003e) with \u003ccode\u003e--requirements-from-script\u003c/code\u003e. (\u003ccode\u003e[#12891](https://github.com/pypa/pip/issues/12891) \u0026lt;https://github.com/pypa/pip/issues/12891\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--all-releases\u003c/code\u003e and \u003ccode\u003e--only-final\u003c/code\u003e options to control pre-release\nand final release selection during package installation. (\u003ccode\u003e[#13221](https://github.com/pypa/pip/issues/13221) \u0026lt;https://github.com/pypa/pip/issues/13221\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e option to only consider packages uploaded prior to\na given datetime when the \u003ccode\u003eupload-time\u003c/code\u003e field is available from a remote index. (\u003ccode\u003e[#13625](https://github.com/pypa/pip/issues/13625) \u0026lt;https://github.com/pypa/pip/issues/13625\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--use-feature inprocess-build-deps\u003c/code\u003e to request that build dependencies are installed\nwithin the same pip install process. This new mechanism is faster, supports \u003ccode\u003e--no-clean\u003c/code\u003e\nand \u003ccode\u003e--no-cache-dir\u003c/code\u003e reliably, and supports prompting for authentication.\u003c/p\u003e\n\u003cp\u003eEnabling this feature will also enable \u003ccode\u003e--use-feature build-constraints\u003c/code\u003e. This feature will\nbecome the default in a future pip version. (\u003ccode\u003e[#9081](https://github.com/pypa/pip/issues/9081) \u0026lt;https://github.com/pypa/pip/issues/9081\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003epip cache purge\u003c/code\u003e and \u003ccode\u003epip cache remove\u003c/code\u003e now clean up empty directories\nand legacy files left by older pip versions. (\u003ccode\u003e[#9058](https://github.com/pypa/pip/issues/9058) \u0026lt;https://github.com/pypa/pip/issues/9058\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix selecting pre-release versions when only pre-releases match.\nFor example, \u003ccode\u003epackage\u0026gt;1.0\u003c/code\u003e with versions \u003ccode\u003e1.0, 2.0rc1\u003c/code\u003e now installs\n\u003ccode\u003e2.0rc1\u003c/code\u003e instead of failing. (\u003ccode\u003e[#13746](https://github.com/pypa/pip/issues/13746) \u0026lt;https://github.com/pypa/pip/issues/13746\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRevisions in version control URLs now must be percent-encoded.\nFor example, use \u003ccode\u003egit+https://example.com/repo.git@issue%231\u003c/code\u003e to specify the branch \u003ccode\u003eissue#1\u003c/code\u003e.\nIf you previously used a branch name containing a \u003ccode\u003e%\u003c/code\u003e character in a version control URL, you now need to replace it with \u003ccode\u003e%25\u003c/code\u003e to ensure correct percent-encoding. (\u003ccode\u003e[#13407](https://github.com/pypa/pip/issues/13407) \u0026lt;https://github.com/pypa/pip/issues/13407\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePreserve original casing when a path is displayed. (\u003ccode\u003e[#6823](https://github.com/pypa/pip/issues/6823) \u0026lt;https://github.com/pypa/pip/issues/6823\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix bash completion when the \u003ccode\u003e$IFS\u003c/code\u003e variable has been modified from its default. (\u003ccode\u003e[#13555](https://github.com/pypa/pip/issues/13555) \u0026lt;https://github.com/pypa/pip/issues/13555\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePrecompute Python requirements on each candidate, reducing time of long resolutions. (\u003ccode\u003e[#13656](https://github.com/pypa/pip/issues/13656) \u0026lt;https://github.com/pypa/pip/issues/13656\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eSkip redundant work converting version objects to strings when using the\n\u003ccode\u003eimportlib.metadata\u003c/code\u003e backend. (\u003ccode\u003e[#13660](https://github.com/pypa/pip/issues/13660) \u0026lt;https://github.com/pypa/pip/issues/13660\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003epip index versions\u003c/code\u003e to honor only-binary/no-binary options. (\u003ccode\u003e[#13682](https://github.com/pypa/pip/issues/13682) \u0026lt;https://github.com/pypa/pip/issues/13682\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix fallthrough logic for options, allowing overriding global options with\ndefaults from user config. (\u003ccode\u003e[#13703](https://github.com/pypa/pip/issues/13703) \u0026lt;https://github.com/pypa/pip/issues/13703\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eUse a path-segment prefix comparison, not char-by-char. (\u003ccode\u003e[#13777](https://github.com/pypa/pip/issues/13777) \u0026lt;https://github.com/pypa/pip/issues/13777\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f4d4a836ed00076001376fbb0ce6dc4f22cdae2\"\u003e\u003ccode\u003e2f4d4a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13779\"\u003e#13779\u003c/a\u003e from notatallshaw/fix-26.0-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/04307a42261749cfa1c86a5537ad88f44ed2a41a\"\u003e\u003ccode\u003e04307a4\u003c/code\u003e\u003c/a\u003e fix 26.0 news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/6ec7b0a488f614a7632442fe7c651957fdb5fc85\"\u003e\u003ccode\u003e6ec7b0a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13775\"\u003e#13775\u003c/a\u003e from notatallshaw/release/26.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/4104356cd83d1614af45d203d64cb84705dad9d2\"\u003e\u003ccode\u003e4104356\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/58be8836b68814295d33bc5c56c38d3a0659ae81\"\u003e\u003ccode\u003e58be883\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/66f2dece5ba9cc0ee9fe7035c46ba4b0756559b5\"\u003e\u003ccode\u003e66f2dec\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13778\"\u003e#13778\u003c/a\u003e from ichard26/docs/groups\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/0214103df7d7e6e3de3b8352ce3a3135437124f0\"\u003e\u003ccode\u003e0214103\u003c/code\u003e\u003c/a\u003e doc: Re-expose package selection group options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/fdbe7628f3ce5d99ac5962fa9dba9e31f3738fcc\"\u003e\u003ccode\u003efdbe762\u003c/code\u003e\u003c/a\u003e Install pip within docs Nox sessions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735\"\u003e\u003ccode\u003e8e227a9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13777\"\u003e#13777\u003c/a\u003e from sethmlarson/commonpath\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/f5315ad96808c106a5c73936cebd335082be406e\"\u003e\u003ccode\u003ef5315ad\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13776\"\u003e#13776\u003c/a\u003e from ichard26/docs/versionadded\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.2...26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.3 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.3...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.2.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.79 to 1.2.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.2.30\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.29\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.30 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36770\"\u003e#36770\u003c/a\u003e)\nchore(core): harden private SSRF utilities (port 36768) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36769\"\u003e#36769\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.29\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.28\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.29 and also port \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36727\"\u003e#36727\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.28\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.27\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.2.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36614\"\u003e#36614\u003c/a\u003e)\nfix(core): add more sanitization to templates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36612\"\u003e#36612\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.27\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.26\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.27 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36586\"\u003e#36586\u003c/a\u003e)\nfix(core): handle symlinks in deprecated prompt save path (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36585\"\u003e#36585\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCredit to Jeff Ponte (\u003ca href=\"https://github.com/JDP-Security\"\u003e\u003ccode\u003e@​JDP-Security\u003c/code\u003e\u003c/a\u003e) for reporting the symlink resolution issue in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36585\"\u003e#36585\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.26\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.25\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nfix(core): add init validator and serialization mappings for Bedrock models (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34510\"\u003e#34510\u003c/a\u003e)\nfeat(core): add \u003ccode\u003eChatBaseten\u003c/code\u003e to serializable mapping (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36510\"\u003e#36510\u003c/a\u003e)\nchore(core): drop \u003ccode\u003egpt-3.5-turbo\u003c/code\u003e from docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36497\"\u003e#36497\u003c/a\u003e)\nfix(core): correct parameter names in filter_messages docstring example (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36462\"\u003e#36462\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.25\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.24\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.25 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36473\"\u003e#36473\u003c/a\u003e)\nfix(core): harden check for txt files in deprecated prompt loading functions (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36471\"\u003e#36471\u003c/a\u003e)\nfix(core): fixed typos in the documentation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36459\"\u003e#36459\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eCredit to Jeff Ponte (\u003ca href=\"https://github.com/JDP-Security\"\u003e\u003ccode\u003e@​JDP-Security\u003c/code\u003e\u003c/a\u003e) for reporting the symlink resolution issue resolved in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36471\"\u003e#36471\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.2.24\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.23\u003c/p\u003e\n\u003cp\u003erelease(core): 1.2.24 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36434\"\u003e#36434\u003c/a\u003e)\nfeat(core): impute placeholder filenames for OpenAI file inputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36433\"\u003e#36433\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/8f1c920f7d5f4d8e46eaf922a1c2f6d4458b9e91\"\u003e\u003ccode\u003e8f1c920\u003c/code\u003e\u003c/a\u003e release(core): 1.2.30 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36770\"\u003e#36770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7bafe6f6fff4cfce09c5e5dcfc0d302efebdb3aa\"\u003e\u003ccode\u003e7bafe6f\u003c/code\u003e\u003c/a\u003e chore(core): harden private SSRF utilities (port 36768) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36769\"\u003e#36769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/479a2552b304c29ec005e5bf459e9c546087e68d\"\u003e\u003ccode\u003e479a255\u003c/code\u003e\u003c/a\u003e release(core): 1.2.29 and also port \u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36727\"\u003e#36727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/396711b228f986bb536f2c971dd9663f8b18c864\"\u003e\u003ccode\u003e396711b\u003c/code\u003e\u003c/a\u003e ci: pin all actions to full-length commit SHAs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36621\"\u003e#36621\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36728\"\u003e#36728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/dd7c3eb3a4acfc834b038ec9dbde94478c66776e\"\u003e\u003ccode\u003edd7c3eb\u003c/code\u003e\u003c/a\u003e release(core): release 1.2.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36614\"\u003e#36614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258\"\u003e\u003ccode\u003eaf2ed47\u003c/code\u003e\u003c/a\u003e fix(core): add more sanitization to templates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36612\"\u003e#36612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7e5858d8078124f98f10102da21414689467c132\"\u003e\u003ccode\u003e7e5858d\u003c/code\u003e\u003c/a\u003e release(standard-tests): 1.1.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36610\"\u003e#36610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/fe99cb29123b704a90f5c8587a757def3b1471e0\"\u003e\u003ccode\u003efe99cb2\u003c/code\u003e\u003c/a\u003e fix(standard-tests): update standard tests for sandbox backends (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36036\"\u003e#36036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/65bbd47cb2721c51ef8638f9e7da35247c4bfdde\"\u003e\u003ccode\u003e65bbd47\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36596\"\u003e#36596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/64864041168606535dfbd39055c0dca3dd61b5ba\"\u003e\u003ccode\u003e6486404\u003c/code\u003e\u003c/a\u003e release(core): 1.2.27 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36586\"\u003e#36586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.79...langchain-core==1.2.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph-checkpoint` from 2.1.2 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph-checkpoint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph-checkpoint==4.0.0\u003c/h2\u003e\n\u003cp\u003eChanges since checkpoint==3.0.1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(checkpoint): InMemorySaver context managers should return self in… (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6529\"\u003e#6529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: docstring for serializer protocol (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6525\"\u003e#6525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: clean up some refs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6487\"\u003e#6487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003epyproject.toml\u003c/code\u003e links (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6364\"\u003e#6364\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.5\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.4\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(checkpoint-postgres): 3.0.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7221\"\u003e#7221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: re-use connection (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7220\"\u003e#7220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump ruff from 0.15.5 to 0.15.6 in /libs/checkpoint-postgres in the all-dependencies group (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7194\"\u003e#7194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7071\"\u003e#7071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(checkpoint):  0.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6966\"\u003e#6966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add serde events (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6954\"\u003e#6954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update defaults (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6953\"\u003e#6953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: rc2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6949\"\u003e#6949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMerge commit from fork\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/checkpoint-postgres with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6916\"\u003e#6916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003emake type\u003c/code\u003e target for type checking (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6748\"\u003e#6748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langchain-core from 1.2.7 to 1.2.11 in /libs/checkpoint-postgres (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6831\"\u003e#6831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/checkpoint-postgres with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6808\"\u003e#6808\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.4\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003echore: Omit lock when using connection pool (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6734\"\u003e#6734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): upgrade dependencies with \u003ccode\u003euv lock --upgrade\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6671\"\u003e#6671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update twitter URLs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6683\"\u003e#6683\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.3\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: storage nits (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6651\"\u003e#6651\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-sqlite==3.0.3\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointsqlite==3.0.2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: aiosqlite's breaking change (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): upgrade dependencies with \u003ccode\u003euv lock --upgrade\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6671\"\u003e#6671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update twitter URLs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6683\"\u003e#6683\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-checkpoint-postgres==3.0.2\u003c/h2\u003e\n\u003cp\u003eChanges since checkpointpostgres==3.0.1\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f91d79d0c86932ded6e3b9f195d5a0bbd5aef99c\"\u003e\u003ccode\u003ef91d79d\u003c/code\u003e\u003c/a\u003e fix: flip default on base cache (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6677\"\u003e#6677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/cb2faa7dda0f2ea49d2729361e1802fb233feaa5\"\u003e\u003ccode\u003ecb2faa7\u003c/code\u003e\u003c/a\u003e fix(prebuilt): support generic type arguments for ToolRuntime injection (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6509\"\u003e#6509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a5827c5c6193669d3063897e1845a45cfb90d732\"\u003e\u003ccode\u003ea5827c5\u003c/code\u003e\u003c/a\u003e fix: change default recursion limit (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6676\"\u003e#6676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/5212369bd0791806083f183cb19ccce024db8790\"\u003e\u003ccode\u003e5212369\u003c/code\u003e\u003c/a\u003e feat(sdk-py): add end-time to crons client (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6674\"\u003e#6674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/7045a23148bfb7c7de825776531d163f22241aaa\"\u003e\u003ccode\u003e7045a23\u003c/code\u003e\u003c/a\u003e fix: add \u003ccode\u003estate\u003c/code\u003e attribute to \u003ccode\u003eToolCallRequest\u003c/code\u003e overrides (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6668\"\u003e#6668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/728db10b1f38c9c56f097d2847f0330977d5eba2\"\u003e\u003ccode\u003e728db10\u003c/code\u003e\u003c/a\u003e fix: suppress unintended deprecation warning (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6669\"\u003e#6669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/454af218968b2962b4beeb9a28b9d421f0610694\"\u003e\u003ccode\u003e454af21\u003c/code\u003e\u003c/a\u003e feat(sdk-py): cron.on_run_completed support (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/b4630d84520e5f8b6c6580f15cd7dada214ef657\"\u003e\u003ccode\u003eb4630d8\u003c/code\u003e\u003c/a\u003e chore: delete docs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6488\"\u003e#6488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/311465bbf7751829942b92bc28c5a79e0666710f\"\u003e\u003ccode\u003e311465b\u003c/code\u003e\u003c/a\u003e fix: sanitize namespace for deeply nested graph jumps (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6665\"\u003e#6665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8ccead9560f6cd76537f632d7a310ba41e38f28b\"\u003e\u003ccode\u003e8ccead9\u003c/code\u003e\u003c/a\u003e docs: x-refs and explainer in tool node docs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6653\"\u003e#6653\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/checkpoint==2.1.2...checkpoint==4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.4.40 to 0.7.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.7.31\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps-dev): bump langchain-core from 1.2.23 to 1.2.28 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2692\"\u003elangchain-ai/langsmith-sdk#2692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.82.0 to 0.84.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2684\"\u003elangchain-ai/langsmith-sdk#2684\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump cryptography from 46.0.6 to 46.0.7 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2693\"\u003elangchain-ai/langsmith-sdk#2693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.84.0 to 0.85.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2700\"\u003elangchain-ai/langsmith-sdk#2700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(py): Tag OpenAI Agent Python SDK runs with ls_agent_type by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2699\"\u003elangchain-ai/langsmith-sdk#2699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(js): Adds ls_agent_type metadata to AI SDK runs by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2701\"\u003elangchain-ai/langsmith-sdk#2701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2710\"\u003elangchain-ai/langsmith-sdk#2710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump pnpm/action-setup from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2705\"\u003elangchain-ai/langsmith-sdk#2705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the py-minor-and-patch group across 1 directory with 10 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2711\"\u003elangchain-ai/langsmith-sdk#2711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.85.0 to 0.86.0 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2702\"\u003elangchain-ai/langsmith-sdk#2702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/github-script from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2706\"\u003elangchain-ai/langsmith-sdk#2706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2712\"\u003elangchain-ai/langsmith-sdk#2712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2709\"\u003elangchain-ai/langsmith-sdk#2709\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2708\"\u003elangchain-ai/langsmith-sdk#2708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Filter kwargs from new token events by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2714\"\u003elangchain-ai/langsmith-sdk#2714\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.7.31 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2716\"\u003elangchain-ai/langsmith-sdk#2716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.30...v0.7.31\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.7.30\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(python): add service feature to sandbox by \u003ca href=\"https://github.com/DanielKneipp\"\u003e\u003ccode\u003e@​DanielKneipp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2665\"\u003elangchain-ai/langsmith-sdk#2665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(js): Fix prototype pollution bug in anonymizers by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2690\"\u003elangchain-ai/langsmith-sdk#2690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): 0.5.18 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2691\"\u003elangchain-ai/langsmith-sdk#2691\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(js/sandbox): suppress warning log by \u003ca href=\"https://github.com/hntrl\"\u003e\u003ccode\u003e@​hntrl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2694\"\u003elangchain-ai/langsmith-sdk#2694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(js): Add metadata to Claude Agent SDK JS tracing by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2695\"\u003elangchain-ai/langsmith-sdk#2695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(py): Fix run tree memory leak by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2696\"\u003elangchain-ai/langsmith-sdk#2696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.7.30 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2698\"\u003elangchain-ai/langsmith-sdk#2698\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.29...v0.7.30\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.7.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erelease(js): 0.5.17 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2681\"\u003elangchain-ai/langsmith-sdk#2681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(py): Fix race condition around Claude Agent SDK instrumentation by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2685\"\u003elangchain-ai/langsmith-sdk#2685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.7.29 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2686\"\u003elangchain-ai/langsmith-sdk#2686\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.28...v0.7.29\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.7.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(py): Support subagent tracing in Claude Agents SDK, fix usage and duplicate messages by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2670\"\u003elangchain-ai/langsmith-sdk#2670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the py-minor-and-patch group across 1 directory with 11 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2677\"\u003elangchain-ai/langsmith-sdk#2677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the js-minor-and-patch group across 1 directory with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2667\"\u003elangchain-ai/langsmith-sdk#2667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump pnpm/action-setup from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2658\"\u003elangchain-ai/langsmith-sdk#2658\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/c434999d05c00334efeba88b8bbd2de9f3afbef6\"\u003e\u003ccode\u003ec434999\u003c/code\u003e\u003c/a\u003e release(py): 0.7.31 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2716\"\u003e#2716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/47d7c4a783333e716395d802e7632f1f1b4744d3\"\u003e\u003ccode\u003e47d7c4a\u003c/code\u003e\u003c/a\u003e feat: Filter kwargs from new token events (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2714\"\u003e#2714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/3c57445b543c9a2f86db52024ea2c998bfc2ffab\"\u003e\u003ccode\u003e3c57445\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump rich from 14.3.3 to 15.0.0 in /python (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2708\"\u003e#2708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/2be6cd01a2b6e35e811488d3561e7b0b57b06f63\"\u003e\u003ccode\u003e2be6cd0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump types-psutil from 7.2.2.20260130 to 7.2.2.20260408 in /...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/b8b6ca32d43c919c07a4e13c99a83bcaab8accb0\"\u003e\u003ccode\u003eb8b6ca3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the js-minor-and-patch group across 1 directory with 7 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/9897cb33da7698291637f268edd833ca3e1adde6\"\u003e\u003ccode\u003e9897cb3\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/github-script from 8 to 9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2706\"\u003e#2706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/572c0184285747e027a796e03ea6c9ba171e09a6\"\u003e\u003ccode\u003e572c018\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump \u003ccode\u003e@​anthropic-ai/sdk\u003c/code\u003e from 0.85.0 to 0.86.0 in /js (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2702\"\u003e#2702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/57447524c88b6bba2775161aa449da32fb8e5c42\"\u003e\u003ccode\u003e5744752\u003c/code\u003e\u003c/a\u003e chore(deps): bump the py-minor-and-patch group across 1 directory with 10 upd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/960cae7f490e9ccbe428e6b56c8047bdb7b942a5\"\u003e\u003ccode\u003e960cae7\u003c/code\u003e\u003c/a\u003e chore(deps): bump pnpm/action-setup from 5 to 6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/2705\"\u003e#2705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/9370e7670abf7f8f9a36fbb72250bcfd2f91e7c6\"\u003e\u003ccode\u003e9370e76\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump types-tqdm from 4.67.3.20260303 to 4.67.3.20260408 in /...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.4.40...v0.7.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `orjson` from 3.10.18 to 3.11.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.8\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild and compatibility improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.7\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse a faster library to serialize \u003ccode\u003efloat\u003c/code\u003e. Users with byte-exact regression\ntests should note positive exponents are now written using a \u003ccode\u003e+\u003c/code\u003e, e.g.,\n\u003ccode\u003e1.2e+30\u003c/code\u003e instead of \u003ccode\u003e1.2e30\u003c/code\u003e. Both formats are spec-compliant.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5 free-threading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.6\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eorjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.9.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5.\u003c/li\u003e\n\u003cli\u003eBuild now depends on Rust 1.89 or later instead of 1.85.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sporadic crash serializing deeply nested \u003ccode\u003elist\u003c/code\u003e of \u003ccode\u003edict\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.5\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PyPI project metadata when using maturin 1.9.2 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix build using Rust 1.89 on amd64.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.8 - 2026-03-31\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild and compatibility improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.7 - 2026-02-02\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse a faster library to serialize \u003ccode\u003efloat\u003c/code\u003e. Users with byte-exact regression\ntests should note positive exponents are now written using a \u003ccode\u003e+\u003c/code\u003e, e.g.,\n\u003ccode\u003e1.2e+30\u003c/code\u003e instead of \u003ccode\u003e1.2e30\u003c/code\u003e. Both formats are spec-compliant.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5 free-threading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.6 - 2026-01-29\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eorjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.9.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5.\u003c/li\u003e\n\u003cli\u003eBuild now depends on Rust 1.89 or later instead of 1.85.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sporadic crash serializing deeply nested \u003ccode\u003elist\u003c/code\u003e of \u003ccode\u003edict\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.5 - 2025-12-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4 - 2025-10-24\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3 - 2025-08-26\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/5cbb3d0398a2f42de51210270286fecd798c5d78\"\u003e\u003ccode\u003e5cbb3d0\u003c/code\u003e\u003c/a\u003e 3.11.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/4195d7f263e33076295b75efdcbaf6a55af8674e\"\u003e\u003ccode\u003e4195d7f\u003c/code\u003e\u003c/a\u003e writer::half\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d00641b69410728a735f0855eb1c2843b0a5819b\"\u003e\u003ccode\u003ed00641b\u003c/code\u003e\u003c/a\u003e writer::uuid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/c84d9b4ba4853781af943fa5c493e261e2f82b84\"\u003e\u003ccode\u003ec84d9b4\u003c/code\u003e\u003c/a\u003e build and compatibility misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/4547234b681fac5e0e0734cf44c21e75f9654e43\"\u003e\u003ccode\u003e4547234\u003c/code\u003e\u003c/a\u003e ffi::numpy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/0d4a5ad1f17a72528ba027554466fdec6580cdeb\"\u003e\u003ccode\u003e0d4a5ad\u003c/code\u003e\u003c/a\u003e datetime PyRef idiom\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/e93a13d372ec956d027e71d023eb534b8445ac85\"\u003e\u003ccode\u003ee93a13d\u003c/code\u003e\u003c/a\u003e Cross-compile avoids maturin v1.12 build-details.json error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/ec2b066cae79ae4a90ed126ac5723335dd99e408\"\u003e\u003ccode\u003eec2b066\u003c/code\u003e\u003c/a\u003e 3.11.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/1ca01f78cf4198ec37407d83713afa6e5c53dbf9\"\u003e\u003ccode\u003e1ca01f7\u003c/code\u003e\u003c/a\u003e zmij\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/1716a226bd1f38db01503f30cd37b0efec48d88e\"\u003e\u003ccode\u003e1716a22\u003c/code\u003e\u003c/a\u003e cargo update\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ijl/orjson/compare/3.10.18...3.11.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 6.31.1 to 6.33.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/...\n\n_Description has been truncated_","html_url":"https://github.com/dporkka/abi/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dporkka%2Fabi/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"4.1.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-15T21:52:24.000Z","version_change":"4.1.0 → 4.3.0","issue":{"uuid":"4271927689","node_id":"PR_kwDOOBPvtM7Syd_8","number":20,"state":"open","title":"Bump the pip group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-15T21:52:24.000Z","updated_at":"2026-04-15T21:52:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":10,"packages":[{"name":"urllib3","old_version":"2.2.1","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"black","old_version":"24.3.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"idna","old_version":"3.6","new_version":"3.7","repository_url":"https://github.com/kjd/idna"},{"name":"pytest","old_version":"7.4.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"python-multipart","old_version":"0.0.6","new_version":"0.0.26","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"certifi","old_version":"2024.2.2","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"jinja2","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 10 updates in the /packages/sdk/python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.1` | `2.6.3` |\n| [black](https://github.com/psf/black) | `24.3.0` | `26.3.1` |\n| [idna](https://github.com/kjd/idna) | `3.6` | `3.7` |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.6` | `0.0.26` |\n| [certifi](https://github.com/certifi/python-certifi) | `2024.2.2` | `2024.7.4` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.3` | `3.1.6` |\n\n\nUpdates `urllib3` from 2.2.1 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.2.1...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 24.3.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/24.3.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.6 to 3.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ehttps://github.com/kjd/idna/compare/v3.6...v3.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.7 (2024-04-11)\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could\ntake exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d\"\u003e\u003ccode\u003e1d365e1\u003c/code\u003e\u003c/a\u003e Release v3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6\"\u003e\u003ccode\u003ec1b3154\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/172\"\u003e#172\u003c/a\u003e from kjd/optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623\"\u003e\u003ccode\u003e0394ec7\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966\"\u003e\u003ccode\u003ecd58a23\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/152\"\u003e#152\u003c/a\u003e from elliotwutingfeng/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7\"\u003e\u003ccode\u003e5beb28b\u003c/code\u003e\u003c/a\u003e More efficient resolution of joiner contexts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b\"\u003e\u003ccode\u003e1b12148\u003c/code\u003e\u003c/a\u003e Update ossf/scorecard-action to v2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067\"\u003e\u003ccode\u003ed516b87\u003c/code\u003e\u003c/a\u003e Update Github actions/checkout to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7\"\u003e\u003ccode\u003ec095c75\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98\"\u003e\u003ccode\u003e60a0a4c\u003c/code\u003e\u003c/a\u003e Fix typo in GitHub Actions workflow key\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201\"\u003e\u003ccode\u003e5918a0e\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.6 to 0.0.26\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply Apache-2.0 properly by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003eKludex/python-multipart#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003eKludex/python-multipart#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003eKludex/python-multipart#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003eKludex/python-multipart#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove custom FormParser classes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003eKludex/python-multipart#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003eKludex/python-multipart#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MIME content type info to File by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003eKludex/python-multipart#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.24\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003eKludex/python-multipart#244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback by \u003ca href=\"https://github.com/jhnstrk\"\u003e\u003ccode\u003e@​jhnstrk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003eKludex/python-multipart#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003eKludex/python-multipart#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003eKludex/python-multipart#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove unused \u003ccode\u003etrust_x_headers\u003c/code\u003e parameter and \u003ccode\u003eX-File-Name\u003c/code\u003e fallback \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/196\"\u003e#196\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReturn processed length from \u003ccode\u003eQuerystringParser._internal_write\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/229\"\u003e#229\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCleanup metadata dunders from \u003ccode\u003e__init__.py\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/227\"\u003e#227\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.22 (2026-01-25)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop directory path from filename in \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4\"\u003e9433f4b\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.21 (2025-12-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14 and drop EOL 3.8 and 3.9 \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/216\"\u003e#216\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.20 (2024-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle messages containing only end boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/142\"\u003e#142\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.19 (2024-11-30)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't warn when CRLF is found after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/193\"\u003e#193\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.18 (2024-11-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHard break if found data after last boundary on \u003ccode\u003eMultipartParser\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/189\"\u003e#189\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.17 (2024-10-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle PermissionError in fallback code for old import name \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/182\"\u003e#182\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.16 (2024-10-27)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e\"\u003e\u003ccode\u003e28f4785\u003c/code\u003e\u003c/a\u003e Version 0.0.26 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f\"\u003e\u003ccode\u003ed4452a7\u003c/code\u003e\u003c/a\u003e Silently discard epilogue data after the closing boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37\"\u003e\u003ccode\u003e6a7b76d\u003c/code\u003e\u003c/a\u003e Skip preamble before first multipart boundary (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf\"\u003e\u003ccode\u003e4addb60\u003c/code\u003e\u003c/a\u003e Version 0.0.25 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d3a4698e0dc16cbd85f98076b2ebf9b696cd3604\"\u003e\u003ccode\u003ed3a4698\u003c/code\u003e\u003c/a\u003e Add MIME content type info to File (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a1ecbd074801fcd3911266f3f4442181d10ab92\"\u003e\u003ccode\u003e9a1ecbd\u003c/code\u003e\u003c/a\u003e Handle CTE values case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/ef2a0b94f95676ea6a7b77d2252b09f5797cb8ed\"\u003e\u003ccode\u003eef2a0b9\u003c/code\u003e\u003c/a\u003e Remove custom FormParser classes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3a757d7cf209e654eb17cf7b7af868eed469f680\"\u003e\u003ccode\u003e3a757d7\u003c/code\u003e\u003c/a\u003e Ignore local Claude state (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/55e739617db7c40e2cd04c5ad8c7acf2ed0a1d19\"\u003e\u003ccode\u003e55e7396\u003c/code\u003e\u003c/a\u003e fuzz: Add cifuzz (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d6d1d111e7de9ce3d3f8623fe5f5e4201c0a5fd1\"\u003e\u003ccode\u003ed6d1d11\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.6...0.0.26\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2024.2.2 to 2024.7.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463\"\u003e\u003ccode\u003ebd81538\u003c/code\u003e\u003c/a\u003e 2024.07.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3\"\u003e\u003ccode\u003e06a2cbf\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23\"\u003e\u003ccode\u003e13bba02\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554\"\u003e\u003ccode\u003ee8abcd0\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1\"\u003e\u003ccode\u003e124f4ad\u003c/code\u003e\u003c/a\u003e 2024.06.02 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a\"\u003e\u003ccode\u003ec2196ce\u003c/code\u003e\u003c/a\u003e --- (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2\"\u003e\u003ccode\u003efefdeec\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.4 to 4.1.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf\"\u003e\u003ccode\u003e3c5fb15\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1\"\u003e\u003ccode\u003e4a9569a\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.2 to 4.1.4 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3\"\u003e\u003ccode\u003e1fc8086\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2024.02.02...2024.07.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.3 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e soli...\n\n_Description has been truncated_","html_url":"https://github.com/arthrod/agent-protocol/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthrod%2Fagent-protocol/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"}},{"old_version":"4.2.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-01T09:31:57.000Z","version_change":"4.2.0 → 4.3.0","issue":{"uuid":"4185520466","node_id":"PR_kwDOOfRO387PMvy1","number":5,"state":"open","title":"chore(deps): bump h2 from 4.2.0 to 4.3.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-01T09:31:57.000Z","updated_at":"2026-04-01T09:32:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.2.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=uv\u0026previous-version=4.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/arthrod/secretary/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/arthrod/secretary/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthrod%2Fsecretary/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"3.0.1","new_version":"4.3.0","update_type":"major","path":null,"pr_created_at":"2026-03-25T19:42:25.000Z","version_change":"3.0.1 → 4.3.0","issue":{"uuid":"4138041883","node_id":"PR_kwDOOcvgF87Nd5Pk","number":22,"state":"closed","title":"Bump the pip group across 4 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-05T07:02:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-25T19:42:25.000Z","updated_at":"2026-05-05T07:02:41.000Z","time_to_close":3496814,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":4,"packages":[{"name":"requests","old_version":"2.23.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"requests","old_version":"2.23.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"pillow","old_version":"6.2.2","new_version":"12.1.1","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"urllib3","old_version":"1.25.9","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"h2","old_version":"3.0.1","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"requests","old_version":"2.24.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"pillow","old_version":"6.2.2","new_version":"12.1.1","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"urllib3","old_version":"1.25.10","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /LayoutTests/imported/w3c/web-platform-tests/tools/wpt directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /LayoutTests/imported/w3c/web-platform-tests/tools/wptrunner directory: [requests](https://github.com/psf/requests), [pillow](https://github.com/python-pillow/Pillow) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 1 update in the /LayoutTests/imported/w3c/web-platform-tests/tools/wptserve directory: [h2](https://github.com/python-hyper/h2).\nBumps the pip group with 3 updates in the /WebDriverTests/imported/w3c/tools/wptrunner directory: [requests](https://github.com/psf/requests), [pillow](https://github.com/python-pillow/Pillow) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `requests` from 2.23.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.23.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.23.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.23.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 6.2.2 to 12.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.1.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch libavif for svt-av1 4.0 compatibility \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9413\"\u003e#9413\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix OOB Write with invalid tile extents \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9427\"\u003e#9427\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e12.1.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDeprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate getdata(), in favour of new get_flattened_data() \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9292\"\u003e#9292\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpecify APNG duration type when opening \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9368\"\u003e#9368\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdded release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9350\"\u003e#9350\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9366\"\u003e#9366\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate ImageMorph documentation \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9349\"\u003e#9349\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eDocs: update major bump cadence \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9334\"\u003e#9334\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9070\"\u003e#9070\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9320\"\u003e#9320\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated Ubuntu version \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9306\"\u003e#9306\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9265\"\u003e#9265\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate harfbuzz to 12.3.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9355\"\u003e#9355\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate xz to 5.8.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9343\"\u003e#9343\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libjpeg-turbo to 3.1.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9333\"\u003e#9333\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated zlib-ng to 2.3.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9324\"\u003e#9324\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.53 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9325\"\u003e#9325\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/checkout action to v6 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9323\"\u003e#9323\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate dependency mypy to v1.19.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9322\"\u003e#9322\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.51 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9305\"\u003e#9305\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated brotli to 1.2.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9284\"\u003e#9284\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libimagequant to 4.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9301\"\u003e#9301\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate zlib-ng to 2.3.1, except on manylinux2014 aarch64 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9312\"\u003e#9312\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 12.2.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9289\"\u003e#9289\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate github-actions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9277\"\u003e#9277\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace pre-commit with prek \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9360\"\u003e#9360\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eTest PyQt6 on Python 3.14 on Windows \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9353\"\u003e#9353\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eTest 32-bit Windows on Windows Server 2022 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9345\"\u003e#9345\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCorrect variable type \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9335\"\u003e#9335\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst\"\u003epillow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog (Pillow)\u003c/h1\u003e\n\u003ch2\u003e11.1.0 and newer\u003c/h2\u003e\n\u003cp\u003eSee GitHub Releases:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003ehttps://github.com/python-pillow/Pillow/releases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.0.0 (2024-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate licence to MIT-CMU \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8460\"\u003e#8460\u003c/a\u003e\n[hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConditionally define ImageCms type hint to avoid requiring core \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8197\"\u003e#8197\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport writing LONG8 offsets in AppendingTiffWriter \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8417\"\u003e#8417\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImageFile.MAXBLOCK when saving TIFF images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8461\"\u003e#8461\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not close provided file handles with libtiff when saving \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8458\"\u003e#8458\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport ImageFilter.BuiltinFilter for I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8438\"\u003e#8438\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImagingCore.ptr instead of ImagingCore.id \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8341\"\u003e#8341\u003c/a\u003e\n[homm, radarhere, hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated EPS mode when opening images without transparency \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8281\"\u003e#8281\u003c/a\u003e\n[Yay295, radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse transparency when combining P frames from APNGs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8443\"\u003e#8443\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport all resampling filters when resizing I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8422\"\u003e#8422\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFree memory on early return \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8413\"\u003e#8413\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCast int before potentially exceeding INT_MAX \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8402\"\u003e#8402\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/5158d98c807e719c5938aa3886913ef0ea6814e9\"\u003e\u003ccode\u003e5158d98\u003c/code\u003e\u003c/a\u003e 12.1.1 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa\"\u003e\u003ccode\u003e9000313\u003c/code\u003e\u003c/a\u003e Fix OOB Write with invalid tile extents (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9427\"\u003e#9427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cd0111849fb32c40860e3ee3d57b9b1cee4260cf\"\u003e\u003ccode\u003ecd01118\u003c/code\u003e\u003c/a\u003e Patch libavif for svt-av1 4.0 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/46f45f674d47b5d8bc54230dda8fe9e214598b87\"\u003e\u003ccode\u003e46f45f6\u003c/code\u003e\u003c/a\u003e 12.1.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c9ac097edb5594f63c40acd9afe6802547200379\"\u003e\u003ccode\u003ec9ac097\u003c/code\u003e\u003c/a\u003e Simplify band splitting (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9291\"\u003e#9291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3baedf264804d199bc19458d11bcff02ce7598eb\"\u003e\u003ccode\u003e3baedf2\u003c/code\u003e\u003c/a\u003e Deprecate getdata(), in favour of new get_flattened_data() (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9292\"\u003e#9292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/b51a0366852c1d519d108dfec8fc2d738cd8080f\"\u003e\u003ccode\u003eb51a036\u003c/code\u003e\u003c/a\u003e Specify APNG duration type when opening (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9368\"\u003e#9368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/8d08e31533065b623399a54bc92b39a756599ad4\"\u003e\u003ccode\u003e8d08e31\u003c/code\u003e\u003c/a\u003e Add release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9348\"\u003e#9348\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9369\"\u003e#9369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/432707ea810ae619e2a9e4a9737c169cacaa8eda\"\u003e\u003ccode\u003e432707e\u003c/code\u003e\u003c/a\u003e Added release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9348\"\u003e#9348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/2d589107fb3a4aba8389932a65ff771bf9b4deb1\"\u003e\u003ccode\u003e2d58910\u003c/code\u003e\u003c/a\u003e Specify APNG duration type when opening\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/6.2.2...12.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 1.25.9 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/1.25.9...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 3.0.1 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 (2021-10-05)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e The GitHub repository has been renamed to \u003ccode\u003epython-hyper/h2\u003c/code\u003e, previously\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v3.0.1...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.24.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.23.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 6.2.2 to 12.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.1.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch libavif for svt-av1 4.0 compatibility \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9413\"\u003e#9413\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix OOB Write with invalid tile extents \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9427\"\u003e#9427\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e12.1.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDeprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate getdata(), in favour of new get_flattened_data() \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9292\"\u003e#9292\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpecify APNG duration type when opening \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9368\"\u003e#9368\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdded release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9350\"\u003e#9350\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9366\"\u003e#9366\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate ImageMorph documentation \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9349\"\u003e#9349\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eDocs: update major bump cadence \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9334\"\u003e#9334\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9070\"\u003e#9070\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9320\"\u003e#9320\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated Ubuntu version \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9306\"\u003e#9306\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9265\"\u003e#9265\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate harfbuzz to 12.3.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9355\"\u003e#9355\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate xz to 5.8.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9343\"\u003e#9343\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libjpeg-turbo to 3.1.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9333\"\u003e#9333\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated zlib-ng to 2.3.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9324\"\u003e#9324\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.53 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9325\"\u003e#9325\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/checkout action to v6 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9323\"\u003e#9323\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate dependency mypy to v1.19.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9322\"\u003e#9322\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.51 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9305\"\u003e#9305\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated brotli to 1.2.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9284\"\u003e#9284\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libimagequant to 4.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9301\"\u003e#9301\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate zlib-ng to 2.3.1, except on manylinux2014 aarch64 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9312\"\u003e#9312\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 12.2.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9289\"\u003e#9289\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate github-actions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9277\"\u003e#9277\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace pre-commit with prek \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9360\"\u003e#9360\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eTest PyQt6 on Python 3.14 on Windows \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9353\"\u003e#9353\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eTest 32-bit Windows on Windows Server 2022 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9345\"\u003e#9345\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCorrect variable type \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9335\"\u003e#9335\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst\"\u003epillow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog (Pillow)\u003c/h1\u003e\n\u003ch2\u003e11.1.0 and newer\u003c/h2\u003e\n\u003cp\u003eSee GitHub Releases:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003ehttps://github.com/python-pillow/Pillow/releases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.0.0 (2024-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate licence to MIT-CMU \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8460\"\u003e#8460\u003c/a\u003e\n[hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConditionally define ImageCms type hint to avoid requiring core \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8197\"\u003e#8197\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport writing LONG8 offsets in AppendingTiffWriter \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8417\"\u003e#8417\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImageFile.MAXBLOCK when saving TIFF images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8461\"\u003e#8461\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not close provided file handles with libtiff when saving \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8458\"\u003e#8458\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport ImageFilter.BuiltinFilter for I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8438\"\u003e#8438\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImagingCore.ptr instead of ImagingCore.id \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8341\"\u003e#8341\u003c/a\u003e\n[homm, radarhere, hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated EPS mode when opening images without transparency \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8281\"\u003e#8281\u003c/a\u003e\n[Yay295, radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse transparency when combining P frames from APNGs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8443\"\u003e#8443\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport all resampling filters when resizing I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8422\"\u003e#8422\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFree memory on early return \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8413\"\u003e#8413\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCast int before potentially exceeding INT_MAX \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8402\"\u003e#8402\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/5158d98c807e719c5938aa3886913ef0ea6814e9\"\u003e\u003ccode\u003e5158d98\u003c/code\u003e\u003c/a\u003e 12.1.1 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa\"\u003e\u003ccode\u003e9000313\u003c/code\u003e\u003c/a\u003e Fix OOB Write with invalid tile extents (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9427\"\u003e#9427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cd0111849fb32c40860e3ee3d57b9b1cee4260cf\"\u003e\u003ccode\u003ecd01118\u003c/code\u003e\u003c/a\u003e Patch libavif for svt-av1 4.0 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/46f45f674d47b5d8bc54230dda8fe9e214598b87\"\u003e\u003ccode\u003e46f45f6\u003c/code\u003e\u003c/a\u003e 12.1.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c9ac097edb5594f63c40acd9afe6802547200379\"\u003e\u003ccode\u003ec9ac097\u003c/code\u003e\u003c/a\u003e Simplify band splitting (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9291\"\u003e#9291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3baedf264804d199bc19458d11bcff02ce7598eb\"\u003e\u003ccode\u003e3baedf2\u003c/code\u003e\u003c/a\u003e Deprecate getdata(), in favour of new get_flattened_data() (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9292\"\u003e#9292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/b51a0366852c1d519d108dfec8fc2d738cd8080f\"\u003e\u003ccode\u003eb51a036\u003c/code\u003e\u003c/a\u003e Specify APNG duration type when opening (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9368\"\u003e#9368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/8d08e31533065b623399a54bc92b39a756599ad4\"\u003e\u003ccode\u003e8d08e31\u003c/code\u003e\u003c/a\u003e Add release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9348\"\u003e#9348\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9369\"\u003e#9369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/432707ea810ae619e2a9e4a9737c169cacaa8eda\"\u003e\u003ccode\u003e432707e\u003c/code\u003e\u003c/a\u003e Added release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9348\"\u003e#9348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/2d589107fb3a4aba8389932a65ff771bf9b4deb1\"\u003e\u003ccode\u003e2d58910\u003c/code\u003e\u003c/a\u003e Specify APNG duration type when opening\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/6.2.2...12.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 1.25.10 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"ht...\n\n_Description has been truncated_","html_url":"https://github.com/saytyarnorngloreia/AppleWebKit-http/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/saytyarnorngloreia%2FAppleWebKit-http/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"}},{"old_version":"4.1.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-03-18T13:30:07.000Z","version_change":"4.1.0 → 4.3.0","issue":{"uuid":"4095151600","node_id":"PR_kwDONUO8uM7Li10o","number":105,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-18T21:29:32.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-18T13:30:07.000Z","updated_at":"2026-03-18T21:29:34.000Z","time_to_close":28765,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":18,"packages":[{"name":"nltk","old_version":"3.9.1","new_version":"3.9.3","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.9","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.1","repository_url":"https://github.com/seperman/deepdiff"},{"name":"dspy","old_version":"2.5.6","new_version":"3.0.4b1","repository_url":"https://github.com/stanfordnlp/dspy"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"marshmallow","old_version":"3.22.0","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"0.38.6","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.4.1","new_version":"2.8.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"transformers","old_version":"4.45.2","new_version":"4.53.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uv","old_version":"0.4.25","new_version":"0.9.6","repository_url":"https://github.com/astral-sh/uv"},{"name":"virtualenv","old_version":"20.26.6","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.3` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.9` |\n| [deepdiff](https://github.com/seperman/deepdiff) | `8.0.1` | `8.6.1` |\n| [dspy](https://github.com/stanfordnlp/dspy) | `2.5.6` | `3.0.4b1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.22.0` | `3.26.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `0.49.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.4.1` | `2.8.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5.5` |\n| [transformers](https://github.com/huggingface/transformers) | `4.45.2` | `4.53.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |\n| [uv](https://github.com/astral-sh/uv) | `0.4.25` | `0.9.6` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.6` | `20.36.1` |\n\n\nUpdates `nltk` from 3.9.1 to 3.9.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed bug that prevented wordnet from loading\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 3.9 2024-08-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix security vulnerability CVE-2024-39705 (breaking change)\u003c/li\u003e\n\u003cli\u003eReplace pickled models (punkt, chunker, taggers) by new pickle-free \u0026quot;_tab\u0026quot; packages\u003c/li\u003e\n\u003cli\u003eNo longer sort Wordnet synsets and relations (sort in calling function when required)\u003c/li\u003e\n\u003cli\u003eOnly strip the last suffix in Wordnet Morphy, thus restricting synsets() results\u003c/li\u003e\n\u003cli\u003eAdd Python 3.12 support\u003c/li\u003e\n\u003cli\u003eMany other minor fixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.8.2:\nTom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins,\nEric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.\u003c/p\u003e\n\u003cp\u003eVersion 3.8.1 2023-01-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eResolve RCE vulnerability in localhost WordNet Browser (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3100\"\u003e#3100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4154eb85e832f266660a09286c7e37e308292284\"\u003e\u003ccode\u003e4154eb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3503\"\u003e#3503\u003c/a\u003e from ekaf/hotfix-3501\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7a710cbc8b914628252e9cf2518afe9ba9b13c80\"\u003e\u003ccode\u003e7a710cb\u003c/code\u003e\u003c/a\u003e Prepare release 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18\"\u003e\u003ccode\u003e1056b32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e from HyperPS/fix/secure-unzip-rce\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7dc5baa98f03b4c36300c408a7a66ffc8ea3934f\"\u003e\u003ccode\u003e7dc5baa\u003c/code\u003e\u003c/a\u003e Resolve merge conflict in tag mapping using normalized nltk resource URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7ef38b8aa6055ef3f82c7f8da490297cc12032b1\"\u003e\u003ccode\u003e7ef38b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e from HyperPS/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b2e1164bf89277f79b65406c829b99fb20ca1974\"\u003e\u003ccode\u003eb2e1164\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e from HyperPS/fix-filestring-sandbox-update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ac0ce55daa487401f8215a409cef50eae6a4ac98\"\u003e\u003ccode\u003eac0ce55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e from HyperPS/fix/filesystem-sandbox-security\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/603e34d25a2cad4612185ebfa6bc1c0dcfcfb2ab\"\u003e\u003ccode\u003e603e34d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e from HyperPS/fix/corpusreader-path-traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b63a5014aace4d22fe9a713473d2598d409eece4\"\u003e\u003ccode\u003eb63a501\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e from HyperPS/fix/stanford-segmenter-rce-sha256\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/df38955e506a9fcaa8aba006984a11babd87cec0\"\u003e\u003ccode\u003edf38955\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3494\"\u003e#3494\u003c/a\u003e from ekaf/ewnv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/main/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e.. meta::\n:description: The full list of changes between each Authlib release.\u003c/p\u003e\n\u003cp\u003eHere you can see the full list of changes between each Authlib release.\u003c/p\u003e\n\u003ch2\u003eVersion 1.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eUnreleased\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eOpenID Connect RP-Initiated Logout 1.0 \u0026lt;https://openid.net/specs/openid-connect-rpinitiated-1_0.html\u0026gt;\u003c/code\u003e_.\nSee :ref:\u003ccode\u003especs/rpinitiated\u003c/code\u003e for details. :issue:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePer RFC 6749 Section 3.3, the \u003ccode\u003escope\u003c/code\u003e parameter is now optional at both\nauthorization and token endpoints. \u003ccode\u003eclient.get_allowed_scope()\u003c/code\u003e is called\nto determine the default scope when omitted. :issue:\u003ccode\u003e845\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStop support for Python 3.9, start support Python 3.14. :pr:\u003ccode\u003e850\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eAuthorizationServerMetadata.validate()\u003c/code\u003e to compose with RFC extension classes.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires_at=0\u003c/code\u003e being incorrectly treated as \u003ccode\u003eNone\u003c/code\u003e. :issue:\u003ccode\u003e530\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eResourceProtector\u003c/code\u003e decorator to be used without parentheses. :issue:\u003ccode\u003e604\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImplement RFC9700 PKCE downgrade countermeasure.\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eUser-Agent\u003c/code\u003e header when fetching server metadata and JWKs. :issue:\u003ccode\u003e704\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRFC7523 accepts the issuer URL as a valid audience. :issue:\u003ccode\u003e730\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eUpgrade Guide: :ref:\u003ccode\u003ejoserfc_upgrade\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 12, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter, :pr:\u003ccode\u003e844\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix incorrect signature when \u003ccode\u003eContent-Type\u003c/code\u003e is x-www-form-urlencoded for OAuth 1.0 Client, :pr:\u003ccode\u003e778\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eexpires_in\u003c/code\u003e in \u003ccode\u003eOAuth2Token\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable, :pr:\u003ccode\u003e842\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAlways track \u003ccode\u003estate\u003c/code\u003e in session for OAuth client integrations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Oct 2, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e take a \u003ccode\u003erequest\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eAdd size limitation when decode JWS/JWE to prevent DoS.\u003c/li\u003e\n\u003cli\u003eAdd size limitation for \u003ccode\u003eDEF\u003c/code\u003e JWE zip algorithm.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/5be3c518794b7322375bae2bf1871713d9b5c2fb\"\u003e\u003ccode\u003e5be3c51\u003c/code\u003e\u003c/a\u003e fix(jose): add ES256K into default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/48b345f29f6c459f11c6a40162b6c0b742ef2e22\"\u003e\u003ccode\u003e48b345f\u003c/code\u003e\u003c/a\u003e fix(jose): remove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681\"\u003e\u003ccode\u003ea5d4b2d\u003c/code\u003e\u003c/a\u003e fix(jose): do not use header's jwk automatically\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a769f343ae8d43236448e3e74445980861812e82\"\u003e\u003ccode\u003ea769f34\u003c/code\u003e\u003c/a\u003e chore: release 1.6.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/84f3fa2965a189c16528329e8cfe41d094008588\"\u003e\u003ccode\u003e84f3fa2\u003c/code\u003e\u003c/a\u003e fix: add EdDSA to default jwt algorithms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e\"\u003e\u003ccode\u003e38e872a\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7\"\u003e\u003ccode\u003eb87c32e\u003c/code\u003e\u003c/a\u003e fix: remove \u0026quot;none\u0026quot; algorithm from default jwt instance\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/seperman/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/388a60ecd1c033de3f2302ade67e386a8875b6be\"\u003e\u003ccode\u003e388a60e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/557\"\u003e#557\u003c/a\u003e from seperman/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/0978fb88240b0d3daaf327d26b7fbcf85360578c\"\u003e\u003ccode\u003e0978fb8\u003c/code\u003e\u003c/a\u003e adding docs for 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/d469a4c34c6b65cab25088b0d3963561b80acf9b\"\u003e\u003ccode\u003ed469a4c\u003c/code\u003e\u003c/a\u003e making type hints compatible with old python\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/e16507c15c9069e9011ba4e298a2ec031c68cd3f\"\u003e\u003ccode\u003ee16507c\u003c/code\u003e\u003c/a\u003e fixing type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/33de0874bbc356ae83e74157f105a516e4db3d7a\"\u003e\u003ccode\u003e33de087\u003c/code\u003e\u003c/a\u003e adding type hints to search\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/seperman/deepdiff/compare/8.0.1...8.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dspy` from 2.5.6 to 3.0.4b1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stanfordnlp/dspy/releases\"\u003edspy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.4b1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eGEPA + Other Optimizers\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GEPA usage tracking with tuple outputs by \u003ca href=\"https://github.com/smec-cgint\"\u003e\u003ccode\u003e@​smec-cgint\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8739\"\u003e#8739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd custom instruction_proposer support to GEPA with multimodal (dspy.Image) handling by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8737\"\u003e#8737\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance logging for valset usage in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8770\"\u003e#8770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] GEPA: Add custom component selection logic support by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8765\"\u003e#8765\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MLFLow \u0026lt;\u0026gt; GEPA support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8763\"\u003e#8763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate optimization overview with data split guidance by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8792\"\u003e#8792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add comprehensive instruction_proposer documentation and examples for GEPA by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8775\"\u003e#8775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce gepa_kwargs for passing custom kwargs to gepa.optimize by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate callback metadata during GEPA minibatch eval by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8835\"\u003e#8835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in GEPA warning by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8840\"\u003e#8840\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate gepa[dspy] dependency version to 0.0.17; Potential fix for load from state not working in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSIMBA Improvements by \u003ca href=\"https://github.com/klopsahlong\"\u003e\u003ccode\u003e@​klopsahlong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Type\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Anthropic Citation API support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8721\"\u003e#8721\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd api reference for citations and document by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8801\"\u003e#8801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow custom type to be streamed and use native response by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8778\"\u003e#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix example code for Citations by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImage \u0026amp; Multimodal Support\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate Image from_* helpers in favor of flexible constructor by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8771\"\u003e#8771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache Image.format for better throughput by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8842\"\u003e#8842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(dspy.Image): Adds a test with ReAct that has an Image tool by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes \u0026amp; Type Handling\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8703\"\u003e#8703\u003c/a\u003e - fixing module and feedback mismatch by \u003ca href=\"https://github.com/Lucas-Fernandes-Martins\"\u003e\u003ccode\u003e@​Lucas-Fernandes-Martins\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8777\"\u003e#8777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix value parsing and add tests by \u003ca href=\"https://github.com/chenmoneygithub\"\u003e\u003ccode\u003e@​chenmoneygithub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8774\"\u003e#8774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse doubly-encoded base type in json.parse by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8814\"\u003e#8814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unexpected parsing of Optional[str] fields when string has brackets or braces by \u003ca href=\"https://github.com/sontanon\"\u003e\u003ccode\u003e@​sontanon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8805\"\u003e#8805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse mcp.ClientSession for type hint by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8826\"\u003e#8826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for callpreprocess by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8827\"\u003e#8827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow DummyLM answers dict values to be of any type to work with a wider range of signatures by \u003ca href=\"https://github.com/BenMcH\"\u003e\u003ccode\u003e@​BenMcH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8803\"\u003e#8803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the crash when usage tracker is enabled with non-prediction output by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFallback to memory cache when disk is not available by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8718\"\u003e#8718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebug(lm): Avoid unnecessary cache key computation by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay metric=0 in eval table by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8817\"\u003e#8817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd save/load to Embeddings by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation \u0026amp; Tutorials\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinor document changes by \u003ca href=\"https://github.com/Navanit-git\"\u003e\u003ccode\u003e@​Navanit-git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8722\"\u003e#8722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc page to learn tool usage in DSPy by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8709\"\u003e#8709\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/b71a1182e993e38fac788c753502264d3df44756\"\u003e\u003ccode\u003eb71a118\u003c/code\u003e\u003c/a\u003e Use importorskip for PIL in ReAct test (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8870\"\u003e#8870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/c33718da61afa7e95fc2a870532d46aae1c95eca\"\u003e\u003ccode\u003ec33718d\u003c/code\u003e\u003c/a\u003e Fix example code for Citations (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/930632ab13ebb7590d60455c806b1fde70589908\"\u003e\u003ccode\u003e930632a\u003c/code\u003e\u003c/a\u003e bug(lm): Avoid unnecessary cache key computation (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2f9e9a01a181b4f6f864088be1c8ee984c95e404\"\u003e\u003ccode\u003e2f9e9a0\u003c/code\u003e\u003c/a\u003e Update gepa[dspy] dependency version to 0.0.17 (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/9542e566fdad99c3653321fddb50767871e8c376\"\u003e\u003ccode\u003e9542e56\u003c/code\u003e\u003c/a\u003e SIMBA Improvements (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/baa6f82b72020c499633b08833d63d2545316a41\"\u003e\u003ccode\u003ebaa6f82\u003c/code\u003e\u003c/a\u003e test(dspy.Image): Adds a test with ReAct that has an Image tool (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/92997073e07e68241677fd32efcc55a2daee30ea\"\u003e\u003ccode\u003e9299707\u003c/code\u003e\u003c/a\u003e Add save/load to Embeddings (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/e4330465d576e0cfd2ee13b85d8c231a8861e3f5\"\u003e\u003ccode\u003ee433046\u003c/code\u003e\u003c/a\u003e Fix the crash when usage tracker is enabled with non-prediction output (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/12b2b998682955cfecfffdc402c452be149c10b0\"\u003e\u003ccode\u003e12b2b99\u003c/code\u003e\u003c/a\u003e Introduce gepa_kwargs for passing custom kwargs to gepa.optimize (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2e97da4dccdaca710faaa8ac9f6620e6cd6e7499\"\u003e\u003ccode\u003e2e97da4\u003c/code\u003e\u003c/a\u003e docs: Add comprehensive instruction_proposer documentation and examples for G...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/stanfordnlp/dspy/compare/2.5.6...3.0.4b1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.2 (2026-03-11)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:\u003ccode\u003e513\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.1 (2026-03-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e510\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release :pr:\u003ccode\u003e511\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e508\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo :pr:\u003ccode\u003e507\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e499\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `marshmallow` from 3.22.0 to 3.26.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst\"\u003emarshmallow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.26.2 (2025-12-19)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:cve:\u003ccode\u003e2025-68480\u003c/code\u003e: Merge error store messages without rebuilding collections.\nThanks 카푸치노 for reporting and :user:\u003ccode\u003edeckar01\u003c/code\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.1 (2025-02-03)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Fix type annotations for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:issue:\u003ccode\u003e2804\u003c/code\u003e).\nThanks :user:\u003ccode\u003elawrence-law\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOther changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove default value for the \u003ccode\u003edata\u003c/code\u003e param of \u003ccode\u003eNested._deserialize \u0026lt;marshmallow.fields.Nested._deserialize\u0026gt;\u003c/code\u003e (:issue:\u003ccode\u003e2802\u003c/code\u003e).\nThanks :user:\u003ccode\u003egbenson\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.0 (2025-01-22)\u003c/h2\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Add type annotations and improved documentation for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:pr:\u003ccode\u003e2760\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: Improve type coverage of \u003ccode\u003emarshmallow.Schema.SchemaMeta\u003c/code\u003e (:pr:\u003ccode\u003e2761\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: \u003ccode\u003emarshmallow.Schema.loads\u003c/code\u003e parameter allows \u003ccode\u003ebytes\u003c/code\u003e and \u003ccode\u003ebytesarray\u003c/code\u003e (:pr:\u003ccode\u003e2769\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRespect \u003ccode\u003edata_key\u003c/code\u003e when schema validators raise a \u003ccode\u003eValidationError \u0026lt;marshmallow.exceptions.ValidationError\u0026gt;\u003c/code\u003e\nwith a \u003ccode\u003efield_name\u003c/code\u003e argument (:issue:\u003ccode\u003e2170\u003c/code\u003e). Thanks :user:\u003ccode\u003ematejsp\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003eCorrectly handle multiple \u003ccode\u003e@post_load \u0026lt;marshmallow.post_load\u0026gt;\u003c/code\u003e methods where one method appends to\nthe data and another passes \u003ccode\u003epass_original=True\u003c/code\u003e (:issue:\u003ccode\u003e1755\u003c/code\u003e).\nThanks :user:\u003ccode\u003eghostwheel42\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eURL\u003c/code\u003e fields now properly validate \u003ccode\u003efile\u003c/code\u003e paths (:issue:\u003ccode\u003e2249\u003c/code\u003e).\nThanks :user:\u003ccode\u003e0xDEC0DE\u003c/code\u003e for reporting and fixing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd :doc:\u003ccode\u003eupgrading guides \u0026lt;upgrading\u0026gt;\u003c/code\u003e for 3.24 and 3.26 (:pr:\u003ccode\u003e2780\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eVarious documentation improvements (:pr:\u003ccode\u003e2757\u003c/code\u003e, :pr:\u003ccode\u003e2759\u003c/code\u003e, :pr:\u003ccode\u003e2765\u003c/code\u003e, :pr:\u003ccode\u003e2774\u003c/code\u003e, :pr:\u003ccode\u003e2778\u003c/code\u003e, :pr:\u003ccode\u003e2783\u003c/code\u003e, :pr:\u003ccode\u003e2796\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eordered\u003c/code\u003e \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e option is deprecated (:issue:\u003ccode\u003e2146\u003c/code\u003e, :pr:\u003ccode\u003e2762\u003c/code\u003e).\nField order is already preserved by default. Set \u003ccode\u003emarshmallow.Schema.dict_class\u003c/code\u003e to \u003ccode\u003ecollections.OrderedDict\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/1407d5102ae020421ddc8425474e976325a9539e\"\u003e\u003ccode\u003e1407d51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2878\"\u003e#2878\u003c/a\u003e from marshmallow-code/3.x-mypy-unreachable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b2292f513845ccbd134bd55501a9bcbcdd18f8ac\"\u003e\u003ccode\u003eb2292f5\u003c/code\u003e\u003c/a\u003e Fix mypy errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/8acd211847244fa28e0174728ff310fddf0d7fa2\"\u003e\u003ccode\u003e8acd211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2877\"\u003e#2877\u003c/a\u003e from marshmallow-code/3.x-delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b4bcb4a96f16a3b94c1b52ac82a66b57bbee1d88\"\u003e\u003ccode\u003eb4bcb4a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b78af7a0ea3102f8c2379bebe115a015e4018a62\"\u003e\u003ccode\u003eb78af7a\u003c/code\u003e\u003c/a\u003e Delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/2c4451e5129411da79161add51cfc76fe852549d\"\u003e\u003ccode\u003e2c4451e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/86d101a1aee2fe0a521c976015d1940437493cde\"\u003e\u003ccode\u003e86d101a\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af\"\u003e\u003ccode\u003e489a8d4\u003c/code\u003e\u003c/a\u003e Only deep copy error message collections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41\"\u003e\u003ccode\u003e6d4a17d\u003c/code\u003e\u003c/a\u003e Add test coverage for error message modification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9\"\u003e\u003ccode\u003e0356a3f\u003c/code\u003e\u003c/a\u003e Merge error store messages without rebuilding collections\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/marshmallow-code/marshmallow/compare/3.22.0...3.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/...\n\n_Description has been truncated_\n\n---\n## EntelligenceAI PR Summary \n This PR performs a broad dependency refresh in `uv.lock`, upgrading numerous packages to their latest versions and restructuring lock file metadata.\n- Bumped `dspy` (2.5.6→3.0.4b1), `fastapi` (0.115.2→0.135.1), `openai` (1.52.0→1.109.1), `torch` (2.4.1→2.8.0), `litellm` (1.49.0→1.72.6.post2), and others\n- Added new packages: `annotated-doc`, `cloudpickle`, `gepa`, `hf-xet`, `typing-inspection`\n- Removed packages: `datasets`, `minijinja`, `responses`, `structlog`\n- Split `typing-extensions` into Python version-specific entries (4.12.2 for ≥3.11, 4.15.0 for \u003c3.11)\n- Updated NVIDIA CUDA packages to 12.8.x series; added `nvidia-cufile-cu12` and `nvidia-cusparselt-cu12`\n- Added `upload-time` metadata field to all package entries in the lock file \n\n\n\n\u003c!-- CONFIDENCE_SCORE --\u003e\n---\n\n## Confidence Score: 5/5 - Safe to Merge\n\n- No review comments were generated, indicating the PR appears clean with no detected issues.\n- Zero critical, significant, or medium issues were identified by automated analysis.\n- The heuristic ceiling allows a maximum score of 5/5, consistent with the clean review results.","html_url":"https://github.com/patrik-fredon/langflow/pull/105","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/105","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/105/packages"}},{"old_version":"4.0.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-03-12T06:40:42.000Z","version_change":"4.0.0 → 4.3.0","issue":{"uuid":"4062559580","node_id":"PR_kwDODXEXTM7J7ZyX","number":279,"state":"closed","title":"Bump h2 from 4.0.0 to 4.3.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-12T07:53:20.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-12T06:40:42.000Z","updated_at":"2026-03-12T07:53:22.000Z","time_to_close":4358,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"h2","old_version":"4.0.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.0.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 (2021-10-05)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e The GitHub repository has been renamed to \u003ccode\u003epython-hyper/h2\u003c/code\u003e, previously\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.0.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/solarhell/font_obfuscator/pull/279","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/solarhell%2Ffont_obfuscator/issues/279","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/279/packages"}},{"old_version":"4.1.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-03-12T00:09:19.000Z","version_change":"4.1.0 → 4.3.0","issue":{"uuid":"4061340974","node_id":"PR_kwDONUO8uM7J3l1H","number":100,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-12T00:09:19.000Z","updated_at":"2026-03-12T00:12:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":20,"packages":[{"name":"litellm","old_version":"1.49.0","new_version":"1.61.15","repository_url":"https://github.com/BerriAI/litellm"},{"name":"nltk","old_version":"3.9.1","new_version":"3.9.3","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.7","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.1","repository_url":"https://github.com/seperman/deepdiff"},{"name":"dspy","old_version":"2.5.6","new_version":"3.0.4b1","repository_url":"https://github.com/stanfordnlp/dspy"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"marshmallow","old_version":"3.22.0","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.3","new_version":"2.32.4","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.38.6","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.4.1","new_version":"2.8.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"transformers","old_version":"4.45.2","new_version":"4.53.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uv","old_version":"0.4.25","new_version":"0.9.6","repository_url":"https://github.com/astral-sh/uv"},{"name":"virtualenv","old_version":"20.26.6","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [litellm](https://github.com/BerriAI/litellm) | `1.49.0` | `1.61.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.3` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.7` |\n| [deepdiff](https://github.com/seperman/deepdiff) | `8.0.1` | `8.6.1` |\n| [dspy](https://github.com/stanfordnlp/dspy) | `2.5.6` | `3.0.4b1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.22.0` | `3.26.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `0.49.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.4.1` | `2.8.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5.5` |\n| [transformers](https://github.com/huggingface/transformers) | `4.45.2` | `4.53.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |\n| [uv](https://github.com/astral-sh/uv) | `0.4.25` | `0.9.6` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.6` | `20.36.1` |\n\n\nUpdates `litellm` from 1.49.0 to 1.61.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BerriAI/litellm/releases\"\u003elitellm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elitellm-v1.81.14.pre-call-hook-fix.dev\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: show proxy url in ModelHub by \u003ca href=\"https://github.com/janfrederickk\"\u003e\u003ccode\u003e@​janfrederickk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21660\"\u003eBerriAI/litellm#21660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): correct modelInput format for Converse API batch models by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21656\"\u003eBerriAI/litellm#21656\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only tag selected deployment in access group creation by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21655\"\u003eBerriAI/litellm#21655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(proxy): add custom favicon support by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21653\"\u003eBerriAI/litellm#21653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): prevent double UUID in create_file S3 key by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21650\"\u003eBerriAI/litellm#21650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(semantic-cache): support configurable vector dimensions by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21649\"\u003eBerriAI/litellm#21649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(utils): normalize camelCase thinking param keys to snake_case by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21762\"\u003eBerriAI/litellm#21762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add optional digest mode for Slack alert types by \u003ca href=\"https://github.com/dkindlund\"\u003e\u003ccode\u003e@​dkindlund\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21683\"\u003eBerriAI/litellm#21683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Docs] store_model_in_db Release Docs by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21863\"\u003eBerriAI/litellm#21863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21871\"\u003eBerriAI/litellm#21871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(budget): fix timezone config lookup and replace hardcoded timezone map with ZoneInfo by \u003ca href=\"https://github.com/LeeJuOh\"\u003e\u003ccode\u003e@​LeeJuOh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21754\"\u003eBerriAI/litellm#21754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add missing return type annotations to iterator protocol methods in streaming_handler by \u003ca href=\"https://github.com/WhoisMonesh\"\u003e\u003ccode\u003e@​WhoisMonesh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21750\"\u003eBerriAI/litellm#21750\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd gollem Go agent framework cookbook example by \u003ca href=\"https://github.com/trevorprater\"\u003e\u003ccode\u003e@​trevorprater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21747\"\u003eBerriAI/litellm#21747\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid mutating caller-owned dicts in SpendUpdateQueue aggregation by \u003ca href=\"https://github.com/themavik\"\u003e\u003ccode\u003e@​themavik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21742\"\u003eBerriAI/litellm#21742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(vertex_ai): enable context-1m-2025-08-07 beta header by \u003ca href=\"https://github.com/edwiniac\"\u003e\u003ccode\u003e@​edwiniac\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21870\"\u003eBerriAI/litellm#21870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;fix(vertex_ai): enable context-1m-2025-08-07 beta header\u0026quot; by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21876\"\u003eBerriAI/litellm#21876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: enable context-1m-2025-08-07 beta header for vertex_ai provider by \u003ca href=\"https://github.com/stakeswky\"\u003e\u003ccode\u003e@​stakeswky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21867\"\u003eBerriAI/litellm#21867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Policy Versioning by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21862\"\u003eBerriAI/litellm#21862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add OpenClaw integration tutorial by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21605\"\u003eBerriAI/litellm#21605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm fix langfuse otel trace v2 by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21309\"\u003eBerriAI/litellm#21309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): encode model arns for OpenAI compatible bedrock imported models by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21701\"\u003eBerriAI/litellm#21701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(bedrock): support optional regional STS endpoint in role assumption by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21640\"\u003eBerriAI/litellm#21640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: ensure arrival_time is set before calculating queue time by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21918\"\u003eBerriAI/litellm#21918\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 22 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21924\"\u003eBerriAI/litellm#21924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 21 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21926\"\u003eBerriAI/litellm#21926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Noma guardrails v2 based on custom guardrails by \u003ca href=\"https://github.com/TomAlon\"\u003e\u003ccode\u003e@​TomAlon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21400\"\u003eBerriAI/litellm#21400\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 (\u003ca href=\"https://redirect.github.com/BerriAI/litellm/issues/21871\"\u003e#21871\u003c/a\u003e) by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21872\"\u003eBerriAI/litellm#21872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eState management fixes for CheckBatchCost by \u003ca href=\"https://github.com/ephrimstanley\"\u003e\u003ccode\u003e@​ephrimstanley\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21921\"\u003eBerriAI/litellm#21921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Anthropic model wildcard access issue by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21917\"\u003eBerriAI/litellm#21917\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 22 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21877\"\u003eBerriAI/litellm#21877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 21 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21786\"\u003eBerriAI/litellm#21786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix model cost map for anthropic fast and inference_geo by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21904\"\u003eBerriAI/litellm#21904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd  Priority PayGo cost tracking gemini/vertex ai by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21909\"\u003eBerriAI/litellm#21909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): fix StopIteration in prisma self-heal cooldown test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21938\"\u003eBerriAI/litellm#21938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): use absolute path for model_prices JSON validation test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21939\"\u003eBerriAI/litellm#21939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Google GenAI SDK tutorial (JS \u0026amp; Python) by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21885\"\u003eBerriAI/litellm#21885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ui): add pre-PR checklist to UI contributing guide by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21886\"\u003eBerriAI/litellm#21886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Litellm network mock by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21942\"\u003eBerriAI/litellm#21942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Monitor - measure guardrail reliability in prod  by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21944\"\u003eBerriAI/litellm#21944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): add INCOMPLETE to interactions status enum expected values by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21943\"\u003eBerriAI/litellm#21943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Singapore guardrail policies (PDPA + MAS AI Risk Management) by \u003ca href=\"https://github.com/ron-zhong\"\u003e\u003ccode\u003e@​ron-zhong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21948\"\u003eBerriAI/litellm#21948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OpenAI Agents SDK tutorial with LiteLLM Proxy to docs  by \u003ca href=\"https://github.com/Arindam200\"\u003e\u003ccode\u003e@​Arindam200\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21221\"\u003eBerriAI/litellm#21221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): make RPM limit test sequential to fix race condition by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21937\"\u003eBerriAI/litellm#21937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add performance \u0026amp; reliability section to v1.81.14 release notes by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21950\"\u003eBerriAI/litellm#21950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(videos): add variant parameter to video content download by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21955\"\u003eBerriAI/litellm#21955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert duplicate issue checker to text-based matching by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21961\"\u003eBerriAI/litellm#21961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] UI - Blog Dropdown in Navbar by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21859\"\u003eBerriAI/litellm#21859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(videos): pass api_key from litellm_params to video remix handlers by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21965\"\u003eBerriAI/litellm#21965\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/BerriAI/litellm/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.1 to 3.9.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed bug that prevented wordnet from loading\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 3.9 2024-08-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix security vulnerability CVE-2024-39705 (breaking change)\u003c/li\u003e\n\u003cli\u003eReplace pickled models (punkt, chunker, taggers) by new pickle-free \u0026quot;_tab\u0026quot; packages\u003c/li\u003e\n\u003cli\u003eNo longer sort Wordnet synsets and relations (sort in calling function when required)\u003c/li\u003e\n\u003cli\u003eOnly strip the last suffix in Wordnet Morphy, thus restricting synsets() results\u003c/li\u003e\n\u003cli\u003eAdd Python 3.12 support\u003c/li\u003e\n\u003cli\u003eMany other minor fixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.8.2:\nTom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins,\nEric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.\u003c/p\u003e\n\u003cp\u003eVersion 3.8.1 2023-01-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eResolve RCE vulnerability in localhost WordNet Browser (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3100\"\u003e#3100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4154eb85e832f266660a09286c7e37e308292284\"\u003e\u003ccode\u003e4154eb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3503\"\u003e#3503\u003c/a\u003e from ekaf/hotfix-3501\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7a710cbc8b914628252e9cf2518afe9ba9b13c80\"\u003e\u003ccode\u003e7a710cb\u003c/code\u003e\u003c/a\u003e Prepare release 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18\"\u003e\u003ccode\u003e1056b32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e from HyperPS/fix/secure-unzip-rce\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7dc5baa98f03b4c36300c408a7a66ffc8ea3934f\"\u003e\u003ccode\u003e7dc5baa\u003c/code\u003e\u003c/a\u003e Resolve merge conflict in tag mapping using normalized nltk resource URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7ef38b8aa6055ef3f82c7f8da490297cc12032b1\"\u003e\u003ccode\u003e7ef38b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e from HyperPS/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b2e1164bf89277f79b65406c829b99fb20ca1974\"\u003e\u003ccode\u003eb2e1164\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e from HyperPS/fix-filestring-sandbox-update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ac0ce55daa487401f8215a409cef50eae6a4ac98\"\u003e\u003ccode\u003eac0ce55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e from HyperPS/fix/filesystem-sandbox-security\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/603e34d25a2cad4612185ebfa6bc1c0dcfcfb2ab\"\u003e\u003ccode\u003e603e34d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e from HyperPS/fix/corpusreader-path-traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b63a5014aace4d22fe9a713473d2598d409eece4\"\u003e\u003ccode\u003eb63a501\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e from HyperPS/fix/stanford-segmenter-rce-sha256\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/df38955e506a9fcaa8aba006984a11babd87cec0\"\u003e\u003ccode\u003edf38955\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3494\"\u003e#3494\u003c/a\u003e from ekaf/ewnv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix response_mode=form_post with Starlette client by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/812\"\u003eauthlib/authlib#812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify README.md as project long description by \u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate tests to pytest paradigm by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/813\"\u003eauthlib/authlib#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ejose/jws: Reject unprotected ‘crit’ and enforce type; add tests by \u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse explicit *.test urls in unit tests by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/824\"\u003eauthlib/authlib#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd diff-cover check in GHA by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/803\"\u003eauthlib/authlib#803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/main/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e.. meta::\n:description: The full list of changes between each Authlib release.\u003c/p\u003e\n\u003cp\u003eHere you can see the full list of changes between each Authlib release.\u003c/p\u003e\n\u003ch2\u003eVersion 1.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eUnreleased\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eOpenID Connect RP-Initiated Logout 1.0 \u0026lt;https://openid.net/specs/openid-connect-rpinitiated-1_0.html\u0026gt;\u003c/code\u003e_.\nSee :ref:\u003ccode\u003especs/rpinitiated\u003c/code\u003e for details. :issue:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePer RFC 6749 Section 3.3, the \u003ccode\u003escope\u003c/code\u003e parameter is now optional at both\nauthorization and token endpoints. \u003ccode\u003eclient.get_allowed_scope()\u003c/code\u003e is called\nto determine the default scope when omitted. :issue:\u003ccode\u003e845\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStop support for Python 3.9, start support Python 3.14. :pr:\u003ccode\u003e850\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eAuthorizationServerMetadata.validate()\u003c/code\u003e to compose with RFC extension classes.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires_at=0\u003c/code\u003e being incorrectly treated as \u003ccode\u003eNone\u003c/code\u003e. :issue:\u003ccode\u003e530\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eResourceProtector\u003c/code\u003e decorator to be used without parentheses. :issue:\u003ccode\u003e604\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImplement RFC9700 PKCE downgrade countermeasure.\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eUser-Agent\u003c/code\u003e header when fetching server metadata and JWKs. :issue:\u003ccode\u003e704\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eUpgrade Guide: :ref:\u003ccode\u003ejoserfc_upgrade\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 12, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter, :pr:\u003ccode\u003e844\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix incorrect signature when \u003ccode\u003eContent-Type\u003c/code\u003e is x-www-form-urlencoded for OAuth 1.0 Client, :pr:\u003ccode\u003e778\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eexpires_in\u003c/code\u003e in \u003ccode\u003eOAuth2Token\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable, :pr:\u003ccode\u003e842\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAlways track \u003ccode\u003estate\u003c/code\u003e in session for OAuth client integrations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Oct 2, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e take a \u003ccode\u003erequest\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eAdd size limitation when decode JWS/JWE to prevent DoS.\u003c/li\u003e\n\u003cli\u003eAdd size limitation for \u003ccode\u003eDEF\u003c/code\u003e JWE zip algorithm.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e\"\u003e\u003ccode\u003e38e872a\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7\"\u003e\u003ccode\u003eb87c32e\u003c/code\u003e\u003c/a\u003e fix: remove \u0026quot;none\u0026quot; algorithm from default jwt instance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/bb7a315befbad333faf9a23ef574d6e3134a6774\"\u003e\u003ccode\u003ebb7a315\u003c/code\u003e\u003c/a\u003e chore: release 1.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0a423d4638bed1c0fe4597b2296a85c5bb59fba2\"\u003e\u003ccode\u003e0a423d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/844\"\u003e#844\u003c/a\u003e from azmeuk/806-get-jwt-config-client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489\"\u003e\u003ccode\u003e2808378\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/714502a4738bc29f26eb245b0c66718d8536cdda\"\u003e\u003ccode\u003e714502a\u003c/code\u003e\u003c/a\u003e feat: get_jwt_config takes a client parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/260d04edee23d8470057ea659c16fb8a2c7b0dc2\"\u003e\u003ccode\u003e260d04e\u003c/code\u003e\u003c/a\u003e Fix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/eb37124bbbec6ccbfba3699d8960f9710d330ad8\"\u003e\u003ccode\u003eeb37124\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/778\"\u003e#778\u003c/a\u003e from shc261392/fix-httpx-oauth1-form-data-incorrect-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0ba9ec4feeb8e19f572c454e2d1dbbdc1d30ae62\"\u003e\u003ccode\u003e0ba9ec4\u003c/code\u003e\u003c/a\u003e docs: fix guide on requests self signed certificate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a2e9943815bb5161863b1fa144ac0aaa50d97e91\"\u003e\u003ccode\u003ea2e9943\u003c/code\u003e\u003c/a\u003e docs: indicate that \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/743\"\u003e#743\u003c/a\u003e needs a migration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/seperman/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/388a60ecd1c033de3f2302ade67e386a8875b6be\"\u003e\u003ccode\u003e388a60e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/557\"\u003e#557\u003c/a\u003e from seperman/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/0978fb88240b0d3daaf327d26b7fbcf85360578c\"\u003e\u003ccode\u003e0978fb8\u003c/code\u003e\u003c/a\u003e adding docs for 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/d469a4c34c6b65cab25088b0d3963561b80acf9b\"\u003e\u003ccode\u003ed469a4c\u003c/code\u003e\u003c/a\u003e making type hints compatible with old python\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/e16507c15c9069e9011ba4e298a2ec031c68cd3f\"\u003e\u003ccode\u003ee16507c\u003c/code\u003e\u003c/a\u003e fixing type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/33de0874bbc356ae83e74157f105a516e4db3d7a\"\u003e\u003ccode\u003e33de087\u003c/code\u003e\u003c/a\u003e adding type hints to search\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/seperman/deepdiff/compare/8.0.1...8.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dspy` from 2.5.6 to 3.0.4b1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stanfordnlp/dspy/releases\"\u003edspy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.4b1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eGEPA + Other Optimizers\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GEPA usage tracking with tuple outputs by \u003ca href=\"https://github.com/smec-cgint\"\u003e\u003ccode\u003e@​smec-cgint\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8739\"\u003e#8739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd custom instruction_proposer support to GEPA with multimodal (dspy.Image) handling by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8737\"\u003e#8737\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance logging for valset usage in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8770\"\u003e#8770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] GEPA: Add custom component selection logic support by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8765\"\u003e#8765\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MLFLow \u0026lt;\u0026gt; GEPA support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8763\"\u003e#8763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate optimization overview with data split guidance by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8792\"\u003e#8792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add comprehensive instruction_proposer documentation and examples for GEPA by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8775\"\u003e#8775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce gepa_kwargs for passing custom kwargs to gepa.optimize by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate callback metadata during GEPA minibatch eval by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8835\"\u003e#8835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in GEPA warning by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8840\"\u003e#8840\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate gepa[dspy] dependency version to 0.0.17; Potential fix for load from state not working in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSIMBA Improvements by \u003ca href=\"https://github.com/klopsahlong\"\u003e\u003ccode\u003e@​klopsahlong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Type\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Anthropic Citation API support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8721\"\u003e#8721\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd api reference for citations and document by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8801\"\u003e#8801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow custom type to be streamed and use native response by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8778\"\u003e#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix example code for Citations by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImage \u0026amp; Multimodal Support\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate Image from_* helpers in favor of flexible constructor by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8771\"\u003e#8771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache Image.format for better throughput by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8842\"\u003e#8842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(dspy.Image): Adds a test with ReAct that has an Image tool by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes \u0026amp; Type Handling\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8703\"\u003e#8703\u003c/a\u003e - fixing module and feedback mismatch by \u003ca href=\"https://github.com/Lucas-Fernandes-Martins\"\u003e\u003ccode\u003e@​Lucas-Fernandes-Martins\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8777\"\u003e#8777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix value parsing and add tests by \u003ca href=\"https://github.com/chenmoneygithub\"\u003e\u003ccode\u003e@​chenmoneygithub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8774\"\u003e#8774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse doubly-encoded base type in json.parse by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8814\"\u003e#8814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unexpected parsing of Optional[str] fields when string has brackets or braces by \u003ca href=\"https://github.com/sontanon\"\u003e\u003ccode\u003e@​sontanon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8805\"\u003e#8805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse mcp.ClientSession for type hint by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8826\"\u003e#8826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for callpreprocess by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8827\"\u003e#8827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow DummyLM answers dict values to be of any type to work with a wider range of signatures by \u003ca href=\"https://github.com/BenMcH\"\u003e\u003ccode\u003e@​BenMcH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8803\"\u003e#8803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the crash when usage tracker is enabled with non-prediction output by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFallback to memory cache when disk is not available by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8718\"\u003e#8718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebug(lm): Avoid unnecessary cache key computation by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay metric=0 in eval table by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8817\"\u003e#8817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd save/load to Embeddings by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation \u0026amp; Tutorials\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinor document changes by \u003ca href=\"https://github.com/Navanit-git\"\u003e\u003ccode\u003e@​Navanit-git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8722\"\u003e#8722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc page to learn tool usage in DSPy by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8709\"\u003e#8709\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/b71a1182e993e38fac788c753502264d3df44756\"\u003e\u003ccode\u003eb71a118\u003c/code\u003e\u003c/a\u003e Use importorskip for PIL in ReAct test (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8870\"\u003e#8870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/c33718da61afa7e95fc2a870532d46aae1c95eca\"\u003e\u003ccode\u003ec33718d\u003c/code\u003e\u003c/a\u003e Fix example code for Citations (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/930632ab13ebb7590d60455c806b1fde70589908\"\u003e\u003ccode\u003e930632a\u003c/code\u003e\u003c/a\u003e bug(lm): Avoid unnecessary cache key computation (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2f9e9a01a181b4f6f864088be1c8ee984c95e404\"\u003e\u003ccode\u003e2f9e9a0\u003c/code\u003e\u003c/a\u003e Update gepa[dspy] dependency version to 0.0.17 (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/9542e566fdad99c3653321fddb50767871e8c376\"\u003e\u003ccode\u003e9542e56\u003c/code\u003e\u003c/a\u003e SIMBA Improvements (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/baa6f82b72020c499633b08833d63d2545316a41\"\u003e\u003ccode\u003ebaa6f82\u003c/code\u003e\u003c/a\u003e test(dspy.Image): Adds a test with ReAct that has an Image tool (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/92997073e07e68241677fd32efcc55a2daee30ea\"\u003e\u003ccode\u003e9299707\u003c/code\u003e\u003c/a\u003e Add save/load to Embeddings (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/e4330465d576e0cfd2ee13b85d8c231a8861e3f5\"\u003e\u003ccode\u003ee433046\u003c/code\u003e\u003c/a\u003e Fix the crash when usage tracker is enabled with non-prediction output (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/12b2b998682955cfecfffdc402c452be149c10b0\"\u003e\u003ccode\u003e12b2b99\u003c/code\u003e\u003c/a\u003e Introduce gepa_kwargs for passing custom kwargs to gepa.optimize (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2e97da4dccdaca710faaa8ac9f6620e6cd6e7499\"\u003e\u003ccode\u003e2e97da4\u003c/code\u003e\u003c/a\u003e docs: Add comprehensive instruction_proposer documentation and examples for G...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/stanfordnlp/dspy/compare/2.5.6...3.0.4b1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.2 (2026-03-11)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:\u003ccode\u003e513\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.1 (2026-03-09)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e510\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): restore best-effort lock file cleanup on release :pr:\u003ccode\u003e511\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e508\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs(logo): add branded project logo :pr:\u003ccode\u003e507\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e499\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `marshmallow` from 3.22.0 to 3.26.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst\"\u003emarshmallow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.26.2 (2025-12-19)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:cve:\u003ccode\u003e2025-68480\u003c/code\u003e: Merge error store messages without rebuilding collections.\nThanks 카푸치노 for reporting and :user:\u003ccode\u003edeckar01\u003c/code\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.1 (2025-02-03)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Fix type annotations for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:issue:\u003ccode\u003e2804\u003c/code\u003e).\nThanks :user:\u003ccode\u003elawrence-law\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOther changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove default value for the \u003ccode\u003edata\u003c/code\u003e param of \u003ccode\u003eNested._deserialize \u0026lt;marshmallow.fields.Nested._deserialize\u0026gt;\u003c/code\u003e (:issue:\u003ccode\u003e2802\u003c/code\u003e).\nThanks :user:\u003ccode\u003egbenson\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.0 (2025-01-22)\u003c/h2\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Add type annotations and improved documentation for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:pr:\u003ccode\u003e2760\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: Improve type coverage of \u003ccode\u003emarshmallow.Schema.SchemaMeta\u003c/code\u003e (:pr:\u003ccode\u003e2761\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: \u003ccode\u003emarshmallow.Schema.loads\u003c/code\u003e parameter allows \u003ccode\u003ebytes\u003c/code\u003e and \u003ccode\u003ebytesarray\u003c/code\u003e (:pr:\u003ccode\u003e2769\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRespect \u003ccode\u003edata_key\u003c/code\u003e when schema validators raise a \u003ccode\u003eValidationError \u0026lt;marshmallow.exceptions.ValidationError\u0026gt;\u003c/code\u003e\nwith a \u003ccode\u003efield_name\u003c/code\u003e argument (:issue:\u003ccode\u003e2170\u003c/code\u003e). Thanks :user:\u003ccode\u003ematejsp\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003eCorrectly handle multiple \u003ccode\u003e@post_load \u0026lt;marshmallow.post_load\u0026gt;\u003c/code\u003e methods where one method appends to\nthe data and another passes \u003ccode\u003epass_original=True\u003c/code\u003e (:issue:\u003ccode\u003e1755\u003c/code\u003e).\nThanks :user:\u003ccode\u003eghostwheel42\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eURL\u003c/code\u003e fields now properly validate \u003ccode\u003efile\u003c/code\u003e paths (:issue:\u003ccode\u003e2249\u003c/code\u003e).\nThanks :user:\u003ccode\u003e0xDEC0DE\u003c/code\u003e for reporting and fixing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd :doc:\u003ccode\u003eupgrading guides \u0026lt;upgrading\u0026gt;\u003c/code\u003e for 3.24 and 3.26 (:pr:\u003ccode\u003e2780\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eVarious documentation improvements (:pr:\u003ccode\u003e2757\u003c/code\u003e, :pr:\u003ccode\u003e2759\u003c/code\u003e, :pr:\u003ccode\u003e2765\u003c/code\u003e, :pr:\u003ccode\u003e2774\u003c/code\u003e, :pr:\u003ccode\u003e2778\u003c/code\u003e, :pr:\u003ccode\u003e2783\u003c/code\u003e, :pr:\u003ccode\u003e2796\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eordered\u003c/code\u003e \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e option is deprecated (:issue:\u003ccode\u003e2146\u003c/code\u003e, :pr:\u003ccode\u003e2762\u003c/code\u003e).\nField order is already preserved by default. Set \u003ccode\u003emarshmallow.Schema.dict_class\u003c/code\u003e to \u003ccode\u003ecollections.OrderedDict\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/1407d5102ae020421ddc8425474e976325a9539e\"\u003e\u003ccode\u003e1407d51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2878\"\u003e#2878\u003c/a\u003e from marshmallow-code/3.x-mypy-unreachable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b2292f513845ccbd134bd55501a9bcbcdd18f8ac\"\u003e\u003ccode\u003eb2292f5\u003c/code\u003e\u003c/a\u003e Fix mypy errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/8acd211847244fa28e0174728ff310fddf0d7fa2\"\u003e\u003ccode\u003e8acd211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2877\"\u003e#2877\u003c/a\u003e from marshmallow-code/3.x-delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b4bcb4a96f16a3b94c1b52ac82a66b57bbee1d88\"\u003e\u003ccode\u003eb4bcb4a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b78af7a0ea3102f8c2379bebe115a015e4018a62\"\u003e\u003ccode\u003eb78af7a\u003c/code\u003e\u003c/a\u003e Delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/2c4451e5129411da79161add51cfc76fe852549d\"\u003e\u003ccode\u003e2c4451e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/86d101a1aee2fe0a521c976015d1940437493cde\"\u003e\u003ccode\u003e86d101a\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af\"\u003e\u003ccode\u003e489a8d4\u003c/code\u003e\u003c/a\u003e Only deep copy error message collections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41\"\u003e\u003ccode\u003e6d4a17d\u003c/code\u003e\u003c/a\u003e Add test coverage for error message modification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9\"\u003e\u003ccode\u003e0356a3f\u003c/code\u003e\u003c/a\u003e Merge error store messages without rebuilding collections\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/marshmallow-code/marshmallow/compare/3.22.0...3.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0...\n\n_Description has been truncated_\n\n---\n## EntelligenceAI PR Summary \n Comprehensive dependency lock file update upgrading major versions of AI/ML and web framework packages and reorganizing package metadata.\n- Upgraded `openai` 1.52→1.109, `torch` 2.4→2.8, `dspy` 2.5→3.0b1, `fastapi` 0.115→0.135, `starlette` 0.38→0.49\n- Upgraded `protobuf` 4.x→5.x, `transformers` 4.45→4.53, `tokenizers` 0.20→0.21, `huggingface-hub` 0.25→0.36\n- Added `upload-time` metadata field to all package entries\n- Split `typing-extensions` into Python version-conditional variants (4.12.2 for ≥3.11, 4.15.0 for \u003c3.11)\n- Added new packages: `annotated-doc`, `cloudpickle`, `gepa`, `hf-xet`, `nvidia-cufile-cu12`, `nvidia-cusparselt-cu12`, `typing-inspection`\n- Removed packages: `datasets`, `minijinja`, `responses`, `structlog` \n\n\n---\n\n## Confidence Score: 5/5 - Safe to Merge\n\n- No review comments were generated, indicating the PR appears clean.\n- No critical, significant, or medium issues were identified in the heuristic analysis.\n- All changed files passed review with no flagged concerns.\n","html_url":"https://github.com/patrik-fredon/langflow/pull/100","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/100","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/100/packages"}},{"old_version":"4.1.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-03-06T03:14:12.000Z","version_change":"4.1.0 → 4.3.0","issue":{"uuid":"4031961804","node_id":"PR_kwDONUO8uM7IYuR1","number":99,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-12T00:09:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-06T03:14:12.000Z","updated_at":"2026-03-12T00:09:24.000Z","time_to_close":507310,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":20,"packages":[{"name":"litellm","old_version":"1.49.0","new_version":"1.61.15","repository_url":"https://github.com/BerriAI/litellm"},{"name":"nltk","old_version":"3.9.1","new_version":"3.9.3","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.7","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.1","repository_url":"https://github.com/seperman/deepdiff"},{"name":"dspy","old_version":"2.5.6","new_version":"3.0.4b1","repository_url":"https://github.com/stanfordnlp/dspy"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"marshmallow","old_version":"3.22.0","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.3","new_version":"2.32.4","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.38.6","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.4.1","new_version":"2.8.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"transformers","old_version":"4.45.2","new_version":"4.53.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uv","old_version":"0.4.25","new_version":"0.9.6","repository_url":"https://github.com/astral-sh/uv"},{"name":"virtualenv","old_version":"20.26.6","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [litellm](https://github.com/BerriAI/litellm) | `1.49.0` | `1.61.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.3` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.7` |\n| [deepdiff](https://github.com/seperman/deepdiff) | `8.0.1` | `8.6.1` |\n| [dspy](https://github.com/stanfordnlp/dspy) | `2.5.6` | `3.0.4b1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.22.0` | `3.26.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `0.49.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.4.1` | `2.8.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5` |\n| [transformers](https://github.com/huggingface/transformers) | `4.45.2` | `4.53.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |\n| [uv](https://github.com/astral-sh/uv) | `0.4.25` | `0.9.6` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.6` | `20.36.1` |\n\n\nUpdates `litellm` from 1.49.0 to 1.61.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BerriAI/litellm/releases\"\u003elitellm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elitellm-v1.81.14.pre-call-hook-fix.dev\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: show proxy url in ModelHub by \u003ca href=\"https://github.com/janfrederickk\"\u003e\u003ccode\u003e@​janfrederickk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21660\"\u003eBerriAI/litellm#21660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): correct modelInput format for Converse API batch models by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21656\"\u003eBerriAI/litellm#21656\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only tag selected deployment in access group creation by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21655\"\u003eBerriAI/litellm#21655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(proxy): add custom favicon support by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21653\"\u003eBerriAI/litellm#21653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): prevent double UUID in create_file S3 key by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21650\"\u003eBerriAI/litellm#21650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(semantic-cache): support configurable vector dimensions by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21649\"\u003eBerriAI/litellm#21649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(utils): normalize camelCase thinking param keys to snake_case by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21762\"\u003eBerriAI/litellm#21762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add optional digest mode for Slack alert types by \u003ca href=\"https://github.com/dkindlund\"\u003e\u003ccode\u003e@​dkindlund\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21683\"\u003eBerriAI/litellm#21683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Docs] store_model_in_db Release Docs by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21863\"\u003eBerriAI/litellm#21863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21871\"\u003eBerriAI/litellm#21871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(budget): fix timezone config lookup and replace hardcoded timezone map with ZoneInfo by \u003ca href=\"https://github.com/LeeJuOh\"\u003e\u003ccode\u003e@​LeeJuOh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21754\"\u003eBerriAI/litellm#21754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add missing return type annotations to iterator protocol methods in streaming_handler by \u003ca href=\"https://github.com/WhoisMonesh\"\u003e\u003ccode\u003e@​WhoisMonesh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21750\"\u003eBerriAI/litellm#21750\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd gollem Go agent framework cookbook example by \u003ca href=\"https://github.com/trevorprater\"\u003e\u003ccode\u003e@​trevorprater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21747\"\u003eBerriAI/litellm#21747\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid mutating caller-owned dicts in SpendUpdateQueue aggregation by \u003ca href=\"https://github.com/themavik\"\u003e\u003ccode\u003e@​themavik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21742\"\u003eBerriAI/litellm#21742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(vertex_ai): enable context-1m-2025-08-07 beta header by \u003ca href=\"https://github.com/edwiniac\"\u003e\u003ccode\u003e@​edwiniac\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21870\"\u003eBerriAI/litellm#21870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;fix(vertex_ai): enable context-1m-2025-08-07 beta header\u0026quot; by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21876\"\u003eBerriAI/litellm#21876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: enable context-1m-2025-08-07 beta header for vertex_ai provider by \u003ca href=\"https://github.com/stakeswky\"\u003e\u003ccode\u003e@​stakeswky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21867\"\u003eBerriAI/litellm#21867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Policy Versioning by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21862\"\u003eBerriAI/litellm#21862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add OpenClaw integration tutorial by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21605\"\u003eBerriAI/litellm#21605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm fix langfuse otel trace v2 by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21309\"\u003eBerriAI/litellm#21309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): encode model arns for OpenAI compatible bedrock imported models by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21701\"\u003eBerriAI/litellm#21701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(bedrock): support optional regional STS endpoint in role assumption by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21640\"\u003eBerriAI/litellm#21640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: ensure arrival_time is set before calculating queue time by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21918\"\u003eBerriAI/litellm#21918\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 22 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21924\"\u003eBerriAI/litellm#21924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 21 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21926\"\u003eBerriAI/litellm#21926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Noma guardrails v2 based on custom guardrails by \u003ca href=\"https://github.com/TomAlon\"\u003e\u003ccode\u003e@​TomAlon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21400\"\u003eBerriAI/litellm#21400\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 (\u003ca href=\"https://redirect.github.com/BerriAI/litellm/issues/21871\"\u003e#21871\u003c/a\u003e) by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21872\"\u003eBerriAI/litellm#21872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eState management fixes for CheckBatchCost by \u003ca href=\"https://github.com/ephrimstanley\"\u003e\u003ccode\u003e@​ephrimstanley\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21921\"\u003eBerriAI/litellm#21921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Anthropic model wildcard access issue by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21917\"\u003eBerriAI/litellm#21917\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 22 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21877\"\u003eBerriAI/litellm#21877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 21 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21786\"\u003eBerriAI/litellm#21786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix model cost map for anthropic fast and inference_geo by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21904\"\u003eBerriAI/litellm#21904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd  Priority PayGo cost tracking gemini/vertex ai by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21909\"\u003eBerriAI/litellm#21909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): fix StopIteration in prisma self-heal cooldown test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21938\"\u003eBerriAI/litellm#21938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): use absolute path for model_prices JSON validation test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21939\"\u003eBerriAI/litellm#21939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Google GenAI SDK tutorial (JS \u0026amp; Python) by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21885\"\u003eBerriAI/litellm#21885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ui): add pre-PR checklist to UI contributing guide by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21886\"\u003eBerriAI/litellm#21886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Litellm network mock by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21942\"\u003eBerriAI/litellm#21942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Monitor - measure guardrail reliability in prod  by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21944\"\u003eBerriAI/litellm#21944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): add INCOMPLETE to interactions status enum expected values by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21943\"\u003eBerriAI/litellm#21943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Singapore guardrail policies (PDPA + MAS AI Risk Management) by \u003ca href=\"https://github.com/ron-zhong\"\u003e\u003ccode\u003e@​ron-zhong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21948\"\u003eBerriAI/litellm#21948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OpenAI Agents SDK tutorial with LiteLLM Proxy to docs  by \u003ca href=\"https://github.com/Arindam200\"\u003e\u003ccode\u003e@​Arindam200\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21221\"\u003eBerriAI/litellm#21221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): make RPM limit test sequential to fix race condition by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21937\"\u003eBerriAI/litellm#21937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add performance \u0026amp; reliability section to v1.81.14 release notes by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21950\"\u003eBerriAI/litellm#21950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(videos): add variant parameter to video content download by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21955\"\u003eBerriAI/litellm#21955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert duplicate issue checker to text-based matching by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21961\"\u003eBerriAI/litellm#21961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] UI - Blog Dropdown in Navbar by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21859\"\u003eBerriAI/litellm#21859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(videos): pass api_key from litellm_params to video remix handlers by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21965\"\u003eBerriAI/litellm#21965\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/BerriAI/litellm/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.1 to 3.9.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed bug that prevented wordnet from loading\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 3.9 2024-08-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix security vulnerability CVE-2024-39705 (breaking change)\u003c/li\u003e\n\u003cli\u003eReplace pickled models (punkt, chunker, taggers) by new pickle-free \u0026quot;_tab\u0026quot; packages\u003c/li\u003e\n\u003cli\u003eNo longer sort Wordnet synsets and relations (sort in calling function when required)\u003c/li\u003e\n\u003cli\u003eOnly strip the last suffix in Wordnet Morphy, thus restricting synsets() results\u003c/li\u003e\n\u003cli\u003eAdd Python 3.12 support\u003c/li\u003e\n\u003cli\u003eMany other minor fixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.8.2:\nTom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins,\nEric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.\u003c/p\u003e\n\u003cp\u003eVersion 3.8.1 2023-01-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eResolve RCE vulnerability in localhost WordNet Browser (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3100\"\u003e#3100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4154eb85e832f266660a09286c7e37e308292284\"\u003e\u003ccode\u003e4154eb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3503\"\u003e#3503\u003c/a\u003e from ekaf/hotfix-3501\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7a710cbc8b914628252e9cf2518afe9ba9b13c80\"\u003e\u003ccode\u003e7a710cb\u003c/code\u003e\u003c/a\u003e Prepare release 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18\"\u003e\u003ccode\u003e1056b32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e from HyperPS/fix/secure-unzip-rce\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7dc5baa98f03b4c36300c408a7a66ffc8ea3934f\"\u003e\u003ccode\u003e7dc5baa\u003c/code\u003e\u003c/a\u003e Resolve merge conflict in tag mapping using normalized nltk resource URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7ef38b8aa6055ef3f82c7f8da490297cc12032b1\"\u003e\u003ccode\u003e7ef38b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e from HyperPS/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b2e1164bf89277f79b65406c829b99fb20ca1974\"\u003e\u003ccode\u003eb2e1164\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e from HyperPS/fix-filestring-sandbox-update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ac0ce55daa487401f8215a409cef50eae6a4ac98\"\u003e\u003ccode\u003eac0ce55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e from HyperPS/fix/filesystem-sandbox-security\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/603e34d25a2cad4612185ebfa6bc1c0dcfcfb2ab\"\u003e\u003ccode\u003e603e34d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e from HyperPS/fix/corpusreader-path-traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b63a5014aace4d22fe9a713473d2598d409eece4\"\u003e\u003ccode\u003eb63a501\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e from HyperPS/fix/stanford-segmenter-rce-sha256\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/df38955e506a9fcaa8aba006984a11babd87cec0\"\u003e\u003ccode\u003edf38955\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3494\"\u003e#3494\u003c/a\u003e from ekaf/ewnv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix response_mode=form_post with Starlette client by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/812\"\u003eauthlib/authlib#812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify README.md as project long description by \u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate tests to pytest paradigm by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/813\"\u003eauthlib/authlib#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ejose/jws: Reject unprotected ‘crit’ and enforce type; add tests by \u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse explicit *.test urls in unit tests by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/824\"\u003eauthlib/authlib#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd diff-cover check in GHA by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/803\"\u003eauthlib/authlib#803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/main/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e.. meta::\n:description: The full list of changes between each Authlib release.\u003c/p\u003e\n\u003cp\u003eHere you can see the full list of changes between each Authlib release.\u003c/p\u003e\n\u003ch2\u003eVersion 1.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eUnreleased\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eOpenID Connect RP-Initiated Logout 1.0 \u0026lt;https://openid.net/specs/openid-connect-rpinitiated-1_0.html\u0026gt;\u003c/code\u003e_.\nSee :ref:\u003ccode\u003especs/rpinitiated\u003c/code\u003e for details. :issue:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePer RFC 6749 Section 3.3, the \u003ccode\u003escope\u003c/code\u003e parameter is now optional at both\nauthorization and token endpoints. \u003ccode\u003eclient.get_allowed_scope()\u003c/code\u003e is called\nto determine the default scope when omitted. :issue:\u003ccode\u003e845\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStop support for Python 3.9, start support Python 3.14. :pr:\u003ccode\u003e850\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eAuthorizationServerMetadata.validate()\u003c/code\u003e to compose with RFC extension classes.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires_at=0\u003c/code\u003e being incorrectly treated as \u003ccode\u003eNone\u003c/code\u003e. :issue:\u003ccode\u003e530\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eResourceProtector\u003c/code\u003e decorator to be used without parentheses. :issue:\u003ccode\u003e604\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImplement RFC9700 PKCE downgrade countermeasure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eUpgrade Guide: :ref:\u003ccode\u003ejoserfc_upgrade\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 12, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter, :pr:\u003ccode\u003e844\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix incorrect signature when \u003ccode\u003eContent-Type\u003c/code\u003e is x-www-form-urlencoded for OAuth 1.0 Client, :pr:\u003ccode\u003e778\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eexpires_in\u003c/code\u003e in \u003ccode\u003eOAuth2Token\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable, :pr:\u003ccode\u003e842\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAlways track \u003ccode\u003estate\u003c/code\u003e in session for OAuth client integrations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Oct 2, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e take a \u003ccode\u003erequest\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eAdd size limitation when decode JWS/JWE to prevent DoS.\u003c/li\u003e\n\u003cli\u003eAdd size limitation for \u003ccode\u003eDEF\u003c/code\u003e JWE zip algorithm.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Sep 17, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e\"\u003e\u003ccode\u003e38e872a\u003c/code\u003e\u003c/a\u003e chore: release 1.6.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7\"\u003e\u003ccode\u003eb87c32e\u003c/code\u003e\u003c/a\u003e fix: remove \u0026quot;none\u0026quot; algorithm from default jwt instance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/bb7a315befbad333faf9a23ef574d6e3134a6774\"\u003e\u003ccode\u003ebb7a315\u003c/code\u003e\u003c/a\u003e chore: release 1.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0a423d4638bed1c0fe4597b2296a85c5bb59fba2\"\u003e\u003ccode\u003e0a423d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/844\"\u003e#844\u003c/a\u003e from azmeuk/806-get-jwt-config-client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489\"\u003e\u003ccode\u003e2808378\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/714502a4738bc29f26eb245b0c66718d8536cdda\"\u003e\u003ccode\u003e714502a\u003c/code\u003e\u003c/a\u003e feat: get_jwt_config takes a client parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/260d04edee23d8470057ea659c16fb8a2c7b0dc2\"\u003e\u003ccode\u003e260d04e\u003c/code\u003e\u003c/a\u003e Fix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/eb37124bbbec6ccbfba3699d8960f9710d330ad8\"\u003e\u003ccode\u003eeb37124\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/778\"\u003e#778\u003c/a\u003e from shc261392/fix-httpx-oauth1-form-data-incorrect-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0ba9ec4feeb8e19f572c454e2d1dbbdc1d30ae62\"\u003e\u003ccode\u003e0ba9ec4\u003c/code\u003e\u003c/a\u003e docs: fix guide on requests self signed certificate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a2e9943815bb5161863b1fa144ac0aaa50d97e91\"\u003e\u003ccode\u003ea2e9943\u003c/code\u003e\u003c/a\u003e docs: indicate that \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/743\"\u003e#743\u003c/a\u003e needs a migration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/seperman/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/388a60ecd1c033de3f2302ade67e386a8875b6be\"\u003e\u003ccode\u003e388a60e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/557\"\u003e#557\u003c/a\u003e from seperman/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/0978fb88240b0d3daaf327d26b7fbcf85360578c\"\u003e\u003ccode\u003e0978fb8\u003c/code\u003e\u003c/a\u003e adding docs for 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/d469a4c34c6b65cab25088b0d3963561b80acf9b\"\u003e\u003ccode\u003ed469a4c\u003c/code\u003e\u003c/a\u003e making type hints compatible with old python\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/e16507c15c9069e9011ba4e298a2ec031c68cd3f\"\u003e\u003ccode\u003ee16507c\u003c/code\u003e\u003c/a\u003e fixing type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/33de0874bbc356ae83e74157f105a516e4db3d7a\"\u003e\u003ccode\u003e33de087\u003c/code\u003e\u003c/a\u003e adding type hints to search\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/seperman/deepdiff/compare/8.0.1...8.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dspy` from 2.5.6 to 3.0.4b1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stanfordnlp/dspy/releases\"\u003edspy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.4b1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eGEPA + Other Optimizers\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GEPA usage tracking with tuple outputs by \u003ca href=\"https://github.com/smec-cgint\"\u003e\u003ccode\u003e@​smec-cgint\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8739\"\u003e#8739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd custom instruction_proposer support to GEPA with multimodal (dspy.Image) handling by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8737\"\u003e#8737\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance logging for valset usage in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8770\"\u003e#8770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] GEPA: Add custom component selection logic support by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8765\"\u003e#8765\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MLFLow \u0026lt;\u0026gt; GEPA support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8763\"\u003e#8763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate optimization overview with data split guidance by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8792\"\u003e#8792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add comprehensive instruction_proposer documentation and examples for GEPA by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8775\"\u003e#8775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce gepa_kwargs for passing custom kwargs to gepa.optimize by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate callback metadata during GEPA minibatch eval by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8835\"\u003e#8835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in GEPA warning by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8840\"\u003e#8840\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate gepa[dspy] dependency version to 0.0.17; Potential fix for load from state not working in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSIMBA Improvements by \u003ca href=\"https://github.com/klopsahlong\"\u003e\u003ccode\u003e@​klopsahlong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Type\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Anthropic Citation API support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8721\"\u003e#8721\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd api reference for citations and document by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8801\"\u003e#8801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow custom type to be streamed and use native response by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8778\"\u003e#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix example code for Citations by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImage \u0026amp; Multimodal Support\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate Image from_* helpers in favor of flexible constructor by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8771\"\u003e#8771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache Image.format for better throughput by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8842\"\u003e#8842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(dspy.Image): Adds a test with ReAct that has an Image tool by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes \u0026amp; Type Handling\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8703\"\u003e#8703\u003c/a\u003e - fixing module and feedback mismatch by \u003ca href=\"https://github.com/Lucas-Fernandes-Martins\"\u003e\u003ccode\u003e@​Lucas-Fernandes-Martins\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8777\"\u003e#8777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix value parsing and add tests by \u003ca href=\"https://github.com/chenmoneygithub\"\u003e\u003ccode\u003e@​chenmoneygithub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8774\"\u003e#8774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse doubly-encoded base type in json.parse by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8814\"\u003e#8814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unexpected parsing of Optional[str] fields when string has brackets or braces by \u003ca href=\"https://github.com/sontanon\"\u003e\u003ccode\u003e@​sontanon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8805\"\u003e#8805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse mcp.ClientSession for type hint by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8826\"\u003e#8826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for callpreprocess by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8827\"\u003e#8827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow DummyLM answers dict values to be of any type to work with a wider range of signatures by \u003ca href=\"https://github.com/BenMcH\"\u003e\u003ccode\u003e@​BenMcH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8803\"\u003e#8803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the crash when usage tracker is enabled with non-prediction output by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFallback to memory cache when disk is not available by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8718\"\u003e#8718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebug(lm): Avoid unnecessary cache key computation by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay metric=0 in eval table by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8817\"\u003e#8817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd save/load to Embeddings by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation \u0026amp; Tutorials\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinor document changes by \u003ca href=\"https://github.com/Navanit-git\"\u003e\u003ccode\u003e@​Navanit-git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8722\"\u003e#8722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc page to learn tool usage in DSPy by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8709\"\u003e#8709\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/b71a1182e993e38fac788c753502264d3df44756\"\u003e\u003ccode\u003eb71a118\u003c/code\u003e\u003c/a\u003e Use importorskip for PIL in ReAct test (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8870\"\u003e#8870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/c33718da61afa7e95fc2a870532d46aae1c95eca\"\u003e\u003ccode\u003ec33718d\u003c/code\u003e\u003c/a\u003e Fix example code for Citations (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/930632ab13ebb7590d60455c806b1fde70589908\"\u003e\u003ccode\u003e930632a\u003c/code\u003e\u003c/a\u003e bug(lm): Avoid unnecessary cache key computation (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2f9e9a01a181b4f6f864088be1c8ee984c95e404\"\u003e\u003ccode\u003e2f9e9a0\u003c/code\u003e\u003c/a\u003e Update gepa[dspy] dependency version to 0.0.17 (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/9542e566fdad99c3653321fddb50767871e8c376\"\u003e\u003ccode\u003e9542e56\u003c/code\u003e\u003c/a\u003e SIMBA Improvements (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/baa6f82b72020c499633b08833d63d2545316a41\"\u003e\u003ccode\u003ebaa6f82\u003c/code\u003e\u003c/a\u003e test(dspy.Image): Adds a test with ReAct that has an Image tool (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/92997073e07e68241677fd32efcc55a2daee30ea\"\u003e\u003ccode\u003e9299707\u003c/code\u003e\u003c/a\u003e Add save/load to Embeddings (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/e4330465d576e0cfd2ee13b85d8c231a8861e3f5\"\u003e\u003ccode\u003ee433046\u003c/code\u003e\u003c/a\u003e Fix the crash when usage tracker is enabled with non-prediction output (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/12b2b998682955cfecfffdc402c452be149c10b0\"\u003e\u003ccode\u003e12b2b99\u003c/code\u003e\u003c/a\u003e Introduce gepa_kwargs for passing custom kwargs to gepa.optimize (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2e97da4dccdaca710faaa8ac9f6620e6cd6e7499\"\u003e\u003ccode\u003e2e97da4\u003c/code\u003e\u003c/a\u003e docs: Add comprehensive instruction_proposer documentation and examples for G...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/stanfordnlp/dspy/compare/2.5.6...3.0.4b1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.25.0 (2026-03-01)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(async): add AsyncReadWriteLock :pr:\u003ccode\u003e506\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 7 to 8 :pr:\u003ccode\u003e503\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 6 to 7 :pr:\u003ccode\u003e502\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMove SECURITY.md to .github/SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdd security policy\u003c/li\u003e\n\u003cli\u003eAdd permissions to check workflow :pr:\u003ccode\u003e500\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e499\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(soft): resolve Windows deadlock and test race condition :pr:\u003ccode\u003e488\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.0 (2026-02-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(lock): add lifetime parameter for lock expiration (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/68\"\u003e#68\u003c/a\u003e) :pr:\u003ccode\u003e486\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(lock): add cancel_check to acquire (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/309\"\u003e#309\u003c/a\u003e) :pr:\u003ccode\u003e487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(api): detect same-thread self-deadlock :pr:\u003ccode\u003e481\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(mode): respect POSIX default ACLs (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/378\"\u003e#378\u003c/a\u003e) :pr:\u003ccode\u003e483\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): eliminate lock file race in threaded usage :pr:\u003ccode\u003e484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(lock): add poll_interval to constructor :pr:\u003ccode\u003e482\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(unix): auto-fallback to SoftFileLock on ENOSYS :pr:\u003ccode\u003e480\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `marshmallow` from 3.22.0 to 3.26.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst\"\u003emarshmallow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.26.2 (2025-12-19)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:cve:\u003ccode\u003e2025-68480\u003c/code\u003e: Merge error store messages without rebuilding collections.\nThanks 카푸치노 for reporting and :user:\u003ccode\u003edeckar01\u003c/code\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.1 (2025-02-03)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Fix type annotations for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:issue:\u003ccode\u003e2804\u003c/code\u003e).\nThanks :user:\u003ccode\u003elawrence-law\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOther changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove default value for the \u003ccode\u003edata\u003c/code\u003e param of \u003ccode\u003eNested._deserialize \u0026lt;marshmallow.fields.Nested._deserialize\u0026gt;\u003c/code\u003e (:issue:\u003ccode\u003e2802\u003c/code\u003e).\nThanks :user:\u003ccode\u003egbenson\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.26.0 (2025-01-22)\u003c/h2\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTyping: Add type annotations and improved documentation for \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e options (:pr:\u003ccode\u003e2760\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: Improve type coverage of \u003ccode\u003emarshmallow.Schema.SchemaMeta\u003c/code\u003e (:pr:\u003ccode\u003e2761\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eTyping: \u003ccode\u003emarshmallow.Schema.loads\u003c/code\u003e parameter allows \u003ccode\u003ebytes\u003c/code\u003e and \u003ccode\u003ebytesarray\u003c/code\u003e (:pr:\u003ccode\u003e2769\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRespect \u003ccode\u003edata_key\u003c/code\u003e when schema validators raise a \u003ccode\u003eValidationError \u0026lt;marshmallow.exceptions.ValidationError\u0026gt;\u003c/code\u003e\nwith a \u003ccode\u003efield_name\u003c/code\u003e argument (:issue:\u003ccode\u003e2170\u003c/code\u003e). Thanks :user:\u003ccode\u003ematejsp\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003eCorrectly handle multiple \u003ccode\u003e@post_load \u0026lt;marshmallow.post_load\u0026gt;\u003c/code\u003e methods where one method appends to\nthe data and another passes \u003ccode\u003epass_original=True\u003c/code\u003e (:issue:\u003ccode\u003e1755\u003c/code\u003e).\nThanks :user:\u003ccode\u003eghostwheel42\u003c/code\u003e for reporting.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eURL\u003c/code\u003e fields now properly validate \u003ccode\u003efile\u003c/code\u003e paths (:issue:\u003ccode\u003e2249\u003c/code\u003e).\nThanks :user:\u003ccode\u003e0xDEC0DE\u003c/code\u003e for reporting and fixing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd :doc:\u003ccode\u003eupgrading guides \u0026lt;upgrading\u0026gt;\u003c/code\u003e for 3.24 and 3.26 (:pr:\u003ccode\u003e2780\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eVarious documentation improvements (:pr:\u003ccode\u003e2757\u003c/code\u003e, :pr:\u003ccode\u003e2759\u003c/code\u003e, :pr:\u003ccode\u003e2765\u003c/code\u003e, :pr:\u003ccode\u003e2774\u003c/code\u003e, :pr:\u003ccode\u003e2778\u003c/code\u003e, :pr:\u003ccode\u003e2783\u003c/code\u003e, :pr:\u003ccode\u003e2796\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eordered\u003c/code\u003e \u003ccode\u003eclass Meta \u0026lt;marshmallow.Schema.Meta\u0026gt;\u003c/code\u003e option is deprecated (:issue:\u003ccode\u003e2146\u003c/code\u003e, :pr:\u003ccode\u003e2762\u003c/code\u003e).\nField order is already preserved by default. Set \u003ccode\u003emarshmallow.Schema.dict_class\u003c/code\u003e to \u003ccode\u003ecollections.OrderedDict\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/1407d5102ae020421ddc8425474e976325a9539e\"\u003e\u003ccode\u003e1407d51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2878\"\u003e#2878\u003c/a\u003e from marshmallow-code/3.x-mypy-unreachable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b2292f513845ccbd134bd55501a9bcbcdd18f8ac\"\u003e\u003ccode\u003eb2292f5\u003c/code\u003e\u003c/a\u003e Fix mypy errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/8acd211847244fa28e0174728ff310fddf0d7fa2\"\u003e\u003ccode\u003e8acd211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2877\"\u003e#2877\u003c/a\u003e from marshmallow-code/3.x-delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b4bcb4a96f16a3b94c1b52ac82a66b57bbee1d88\"\u003e\u003ccode\u003eb4bcb4a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b78af7a0ea3102f8c2379bebe115a015e4018a62\"\u003e\u003ccode\u003eb78af7a\u003c/code\u003e\u003c/a\u003e Delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/2c4451e5129411da79161add51cfc76fe852549d\"\u003e\u003ccode\u003e2c4451e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/86d101a1aee2fe0a521c976015d1940437493cde\"\u003e\u003ccode\u003e86d101a\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af\"\u003e\u003ccode\u003e489a8d4\u003c/code\u003e\u003c/a\u003e Only deep copy error message collections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41\"\u003e\u003ccode\u003e6d4a17d\u003c/code\u003e\u003c/a\u003e Add test coverage for error message modification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9\"\u003e\u003ccode\u003e0356a3f\u003c/code\u003e\u003c/a\u003e Merge error store messages without rebuilding collections\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/marshmallow-code/marshmallow/compare/3.22.0...3.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"...\n\n_Description has been truncated_\n\n---\n## EntelligenceAI PR Summary \n Comprehensive dependency update in uv.lock with major version upgrades and package additions/removals.\n- Incremented lock file revision to 3\n- Added upload-time metadata to all package entries for source distributions and wheels\n- Upgraded major dependencies: authlib (1.3.1 → 1.6.7), deepdiff (8.0.1 → 8.6.1), fastapi (0.115.2 → 0.135.1), torch (2.4.1 → 2.8.0)\n- Added new packages: annotated-doc, cloudpickle, gepa, hf-xet\n- Removed packages: datasets, minijinja\n- Updated dependency markers and resolution markers for enhanced platform and Python version compatibility \n\n\n---\n\n## Confidence Score: 5/5 - Safe to Merge\n\n- No review comments were generated, indicating the PR passed automated checks without issues\n- Heuristic analysis shows zero critical, significant, high-risk, medium, or low severity issues\n- No existing unresolved comments that would block merging\n- The PR appears clean with no identified logic, security, or style concerns\n","html_url":"https://github.com/patrik-fredon/langflow/pull/99","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/99","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/99/packages"}},{"old_version":"4.1.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-02-25T16:37:50.000Z","version_change":"4.1.0 → 4.3.0","issue":{"uuid":"3990496884","node_id":"PR_kwDONUO8uM7GSCh_","number":96,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 22 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-25T16:37:50.000Z","updated_at":"2026-02-25T16:39:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":22,"packages":[{"name":"litellm","old_version":"1.49.0","new_version":"1.61.15","repository_url":"https://github.com/BerriAI/litellm"},{"name":"nltk","old_version":"3.9.1","new_version":"3.9.3","repository_url":"https://github.com/nltk/nltk"},{"name":"authlib","old_version":"1.3.1","new_version":"1.6.6","repository_url":"https://github.com/authlib/authlib"},{"name":"deepdiff","old_version":"8.0.1","new_version":"8.6.1","repository_url":"https://github.com/seperman/deepdiff"},{"name":"dspy","old_version":"2.5.6","new_version":"3.0.4b1","repository_url":"https://github.com/stanfordnlp/dspy"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"jinja2","old_version":"3.1.4","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"marshmallow","old_version":"3.22.0","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"protobuf","old_version":"4.25.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-jose","old_version":"3.3.0","new_version":"3.4.0","repository_url":"https://github.com/mpdavis/python-jose"},{"name":"python-multipart","old_version":"0.0.12","new_version":"0.0.22","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.3","new_version":"2.32.4","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.38.6","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.4.1","new_version":"2.8.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"tornado","old_version":"6.4.1","new_version":"6.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"transformers","old_version":"4.45.2","new_version":"4.53.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uv","old_version":"0.4.25","new_version":"0.9.6","repository_url":"https://github.com/astral-sh/uv"},{"name":"virtualenv","old_version":"20.26.6","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 22 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [litellm](https://github.com/BerriAI/litellm) | `1.49.0` | `1.61.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.3` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.6` |\n| [deepdiff](https://github.com/seperman/deepdiff) | `8.0.1` | `8.6.1` |\n| [dspy](https://github.com/stanfordnlp/dspy) | `2.5.6` | `3.0.4b1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.4` | `3.1.6` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.22.0` | `3.26.2` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |\n| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.4.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.12` | `0.0.22` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |\n| [starlette](https://github.com/Kludex/starlette) | `0.38.6` | `0.49.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.4.1` | `2.8.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.5` |\n| [transformers](https://github.com/huggingface/transformers) | `4.45.2` | `4.53.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.6.3` |\n| [uv](https://github.com/astral-sh/uv) | `0.4.25` | `0.9.6` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.6` | `20.36.1` |\n\n\nUpdates `litellm` from 1.49.0 to 1.61.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/BerriAI/litellm/releases\"\u003elitellm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elitellm-v1.81.14.pre-call-hook-fix.dev\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: show proxy url in ModelHub by \u003ca href=\"https://github.com/janfrederickk\"\u003e\u003ccode\u003e@​janfrederickk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21660\"\u003eBerriAI/litellm#21660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): correct modelInput format for Converse API batch models by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21656\"\u003eBerriAI/litellm#21656\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only tag selected deployment in access group creation by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21655\"\u003eBerriAI/litellm#21655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(proxy): add custom favicon support by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21653\"\u003eBerriAI/litellm#21653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): prevent double UUID in create_file S3 key by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21650\"\u003eBerriAI/litellm#21650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(semantic-cache): support configurable vector dimensions by \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21649\"\u003eBerriAI/litellm#21649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(utils): normalize camelCase thinking param keys to snake_case by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21762\"\u003eBerriAI/litellm#21762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add optional digest mode for Slack alert types by \u003ca href=\"https://github.com/dkindlund\"\u003e\u003ccode\u003e@​dkindlund\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21683\"\u003eBerriAI/litellm#21683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Docs] store_model_in_db Release Docs by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21863\"\u003eBerriAI/litellm#21863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21871\"\u003eBerriAI/litellm#21871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(budget): fix timezone config lookup and replace hardcoded timezone map with ZoneInfo by \u003ca href=\"https://github.com/LeeJuOh\"\u003e\u003ccode\u003e@​LeeJuOh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21754\"\u003eBerriAI/litellm#21754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add missing return type annotations to iterator protocol methods in streaming_handler by \u003ca href=\"https://github.com/WhoisMonesh\"\u003e\u003ccode\u003e@​WhoisMonesh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21750\"\u003eBerriAI/litellm#21750\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd gollem Go agent framework cookbook example by \u003ca href=\"https://github.com/trevorprater\"\u003e\u003ccode\u003e@​trevorprater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21747\"\u003eBerriAI/litellm#21747\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid mutating caller-owned dicts in SpendUpdateQueue aggregation by \u003ca href=\"https://github.com/themavik\"\u003e\u003ccode\u003e@​themavik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21742\"\u003eBerriAI/litellm#21742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(vertex_ai): enable context-1m-2025-08-07 beta header by \u003ca href=\"https://github.com/edwiniac\"\u003e\u003ccode\u003e@​edwiniac\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21870\"\u003eBerriAI/litellm#21870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;fix(vertex_ai): enable context-1m-2025-08-07 beta header\u0026quot; by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21876\"\u003eBerriAI/litellm#21876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: enable context-1m-2025-08-07 beta header for vertex_ai provider by \u003ca href=\"https://github.com/stakeswky\"\u003e\u003ccode\u003e@​stakeswky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21867\"\u003eBerriAI/litellm#21867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Policy Versioning by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21862\"\u003eBerriAI/litellm#21862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add OpenClaw integration tutorial by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21605\"\u003eBerriAI/litellm#21605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm fix langfuse otel trace v2 by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21309\"\u003eBerriAI/litellm#21309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bedrock): encode model arns for OpenAI compatible bedrock imported models by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21701\"\u003eBerriAI/litellm#21701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(bedrock): support optional regional STS endpoint in role assumption by \u003ca href=\"https://github.com/ta-stripe\"\u003e\u003ccode\u003e@​ta-stripe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21640\"\u003eBerriAI/litellm#21640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: ensure arrival_time is set before calculating queue time by \u003ca href=\"https://github.com/Harshit28j\"\u003e\u003ccode\u003e@​Harshit28j\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21918\"\u003eBerriAI/litellm#21918\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 22 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21924\"\u003eBerriAI/litellm#21924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emerge main in oss 21 02 by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21926\"\u003eBerriAI/litellm#21926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Noma guardrails v2 based on custom guardrails by \u003ca href=\"https://github.com/TomAlon\"\u003e\u003ccode\u003e@​TomAlon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21400\"\u003eBerriAI/litellm#21400\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm dev 02 19 2026 p2 (\u003ca href=\"https://redirect.github.com/BerriAI/litellm/issues/21871\"\u003e#21871\u003c/a\u003e) by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21872\"\u003eBerriAI/litellm#21872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eState management fixes for CheckBatchCost by \u003ca href=\"https://github.com/ephrimstanley\"\u003e\u003ccode\u003e@​ephrimstanley\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21921\"\u003eBerriAI/litellm#21921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Anthropic model wildcard access issue by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21917\"\u003eBerriAI/litellm#21917\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 22 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21877\"\u003eBerriAI/litellm#21877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLitellm oss staging 02 21 2026 by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21786\"\u003eBerriAI/litellm#21786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix model cost map for anthropic fast and inference_geo by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21904\"\u003eBerriAI/litellm#21904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd  Priority PayGo cost tracking gemini/vertex ai by \u003ca href=\"https://github.com/Sameerlite\"\u003e\u003ccode\u003e@​Sameerlite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21909\"\u003eBerriAI/litellm#21909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): fix StopIteration in prisma self-heal cooldown test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21938\"\u003eBerriAI/litellm#21938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): use absolute path for model_prices JSON validation test by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21939\"\u003eBerriAI/litellm#21939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Google GenAI SDK tutorial (JS \u0026amp; Python) by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21885\"\u003eBerriAI/litellm#21885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ui): add pre-PR checklist to UI contributing guide by \u003ca href=\"https://github.com/Chesars\"\u003e\u003ccode\u003e@​Chesars\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21886\"\u003eBerriAI/litellm#21886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Litellm network mock by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21942\"\u003eBerriAI/litellm#21942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGuardrail Monitor - measure guardrail reliability in prod  by \u003ca href=\"https://github.com/krrishdholakia\"\u003e\u003ccode\u003e@​krrishdholakia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21944\"\u003eBerriAI/litellm#21944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): add INCOMPLETE to interactions status enum expected values by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21943\"\u003eBerriAI/litellm#21943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Singapore guardrail policies (PDPA + MAS AI Risk Management) by \u003ca href=\"https://github.com/ron-zhong\"\u003e\u003ccode\u003e@​ron-zhong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21948\"\u003eBerriAI/litellm#21948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OpenAI Agents SDK tutorial with LiteLLM Proxy to docs  by \u003ca href=\"https://github.com/Arindam200\"\u003e\u003ccode\u003e@​Arindam200\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21221\"\u003eBerriAI/litellm#21221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(tests): make RPM limit test sequential to fix race condition by \u003ca href=\"https://github.com/jquinter\"\u003e\u003ccode\u003e@​jquinter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21937\"\u003eBerriAI/litellm#21937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add performance \u0026amp; reliability section to v1.81.14 release notes by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21950\"\u003eBerriAI/litellm#21950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(videos): add variant parameter to video content download by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21955\"\u003eBerriAI/litellm#21955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert duplicate issue checker to text-based matching by \u003ca href=\"https://github.com/ryan-crabbe\"\u003e\u003ccode\u003e@​ryan-crabbe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21961\"\u003eBerriAI/litellm#21961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] UI - Blog Dropdown in Navbar by \u003ca href=\"https://github.com/yuneng-jiang\"\u003e\u003ccode\u003e@​yuneng-jiang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21859\"\u003eBerriAI/litellm#21859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(videos): pass api_key from litellm_params to video remix handlers by \u003ca href=\"https://github.com/nielei3\"\u003e\u003ccode\u003e@​nielei3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/BerriAI/litellm/pull/21965\"\u003eBerriAI/litellm#21965\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/BerriAI/litellm/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.1 to 3.9.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed bug that prevented wordnet from loading\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 3.9 2024-08-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix security vulnerability CVE-2024-39705 (breaking change)\u003c/li\u003e\n\u003cli\u003eReplace pickled models (punkt, chunker, taggers) by new pickle-free \u0026quot;_tab\u0026quot; packages\u003c/li\u003e\n\u003cli\u003eNo longer sort Wordnet synsets and relations (sort in calling function when required)\u003c/li\u003e\n\u003cli\u003eOnly strip the last suffix in Wordnet Morphy, thus restricting synsets() results\u003c/li\u003e\n\u003cli\u003eAdd Python 3.12 support\u003c/li\u003e\n\u003cli\u003eMany other minor fixes\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.8.2:\nTom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins,\nEric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.\u003c/p\u003e\n\u003cp\u003eVersion 3.8.1 2023-01-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eResolve RCE vulnerability in localhost WordNet Browser (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3100\"\u003e#3100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4154eb85e832f266660a09286c7e37e308292284\"\u003e\u003ccode\u003e4154eb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3503\"\u003e#3503\u003c/a\u003e from ekaf/hotfix-3501\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7a710cbc8b914628252e9cf2518afe9ba9b13c80\"\u003e\u003ccode\u003e7a710cb\u003c/code\u003e\u003c/a\u003e Prepare release 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18\"\u003e\u003ccode\u003e1056b32\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e from HyperPS/fix/secure-unzip-rce\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7dc5baa98f03b4c36300c408a7a66ffc8ea3934f\"\u003e\u003ccode\u003e7dc5baa\u003c/code\u003e\u003c/a\u003e Resolve merge conflict in tag mapping using normalized nltk resource URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7ef38b8aa6055ef3f82c7f8da490297cc12032b1\"\u003e\u003ccode\u003e7ef38b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e from HyperPS/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b2e1164bf89277f79b65406c829b99fb20ca1974\"\u003e\u003ccode\u003eb2e1164\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e from HyperPS/fix-filestring-sandbox-update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ac0ce55daa487401f8215a409cef50eae6a4ac98\"\u003e\u003ccode\u003eac0ce55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e from HyperPS/fix/filesystem-sandbox-security\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/603e34d25a2cad4612185ebfa6bc1c0dcfcfb2ab\"\u003e\u003ccode\u003e603e34d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e from HyperPS/fix/corpusreader-path-traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/b63a5014aace4d22fe9a713473d2598d409eece4\"\u003e\u003ccode\u003eb63a501\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e from HyperPS/fix/stanford-segmenter-rce-sha256\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/df38955e506a9fcaa8aba006984a11babd87cec0\"\u003e\u003ccode\u003edf38955\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3494\"\u003e#3494\u003c/a\u003e from ekaf/ewnv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.1...3.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.3.1 to 1.6.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(jose): add max size for JWE zip=DEF decompression by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/830\"\u003eauthlib/authlib#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.4...v1.6.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jose): prevent public/unprotected header overwriting protected header by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/809\"\u003eauthlib/authlib#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e raising by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/810\"\u003eauthlib/authlib#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conventional-commits pre-commit hook by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/811\"\u003eauthlib/authlib#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix response_mode=form_post with Starlette client by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/812\"\u003eauthlib/authlib#812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSpecify README.md as project long description by \u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate tests to pytest paradigm by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/813\"\u003eauthlib/authlib#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ejose/jws: Reject unprotected ‘crit’ and enforce type; add tests by \u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse explicit *.test urls in unit tests by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/824\"\u003eauthlib/authlib#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/817\"\u003eauthlib/authlib#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AL-Cybision\"\u003e\u003ccode\u003e@​AL-Cybision\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/823\"\u003eauthlib/authlib#823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.3...v1.6.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 1.6.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd diff-cover check in GHA by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/803\"\u003eauthlib/authlib#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRun GHA unit tests with uv by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/805\"\u003eauthlib/authlib#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove from pre-commit to prek by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/804\"\u003eauthlib/authlib#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSign OIDC id_token  according to \u003ccode\u003eid_token_signed_response_alg\u003c/code\u003e client metadata by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/802\"\u003eauthlib/authlib#802\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/main/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 12, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter, :pr:\u003ccode\u003e844\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix incorrect signature when \u003ccode\u003eContent-Type\u003c/code\u003e is x-www-form-urlencoded for OAuth 1.0 Client, :pr:\u003ccode\u003e778\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eexpires_in\u003c/code\u003e in \u003ccode\u003eOAuth2Token\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable, :pr:\u003ccode\u003e842\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAlways track \u003ccode\u003estate\u003c/code\u003e in session for OAuth client integrations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Oct 2, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e take a \u003ccode\u003erequest\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eAdd size limitation when decode JWS/JWE to prevent DoS.\u003c/li\u003e\n\u003cli\u003eAdd size limitation for \u003ccode\u003eDEF\u003c/code\u003e JWE zip algorithm.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Sep 17, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eInsecureTransportError\u003c/code\u003e error raising. :issue:\u003ccode\u003e795\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eresponse_mode=form_post\u003c/code\u003e with Starlette client. :issue:\u003ccode\u003e793\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003ecrit\u003c/code\u003e header value, reject unprotected header in \u003ccode\u003ecrit\u003c/code\u003e header.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 26, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOIDC \u003ccode\u003eid_token\u003c/code\u003e are signed according to \u003ccode\u003eid_token_signed_response_alg\u003c/code\u003e\nclient metadata. :issue:\u003ccode\u003e755\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restore \u003ccode\u003eOAuth2Request\u003c/code\u003e \u003ccode\u003ebody\u003c/code\u003e parameter. :issue:\u003ccode\u003e781\u003c/code\u003e :pr:\u003ccode\u003e791\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e127.0.0.1\u003c/code\u003e in insecure transport mode. :pr:\u003ccode\u003e788\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRaise \u003ccode\u003eMissingCodeException\u003c/code\u003e when the \u003ccode\u003ecode\u003c/code\u003e parameter is missing. :issue:\u003ccode\u003e793\u003c/code\u003e :pr:\u003ccode\u003e794\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eid_token\u003c/code\u003e generation with \u003ccode\u003eEdDSA\u003c/code\u003e algs. :issue:\u003ccode\u003e799\u003c/code\u003e :pr:\u003ccode\u003e800\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Jul 20, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/bb7a315befbad333faf9a23ef574d6e3134a6774\"\u003e\u003ccode\u003ebb7a315\u003c/code\u003e\u003c/a\u003e chore: release 1.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0a423d4638bed1c0fe4597b2296a85c5bb59fba2\"\u003e\u003ccode\u003e0a423d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/844\"\u003e#844\u003c/a\u003e from azmeuk/806-get-jwt-config-client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489\"\u003e\u003ccode\u003e2808378\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/714502a4738bc29f26eb245b0c66718d8536cdda\"\u003e\u003ccode\u003e714502a\u003c/code\u003e\u003c/a\u003e feat: get_jwt_config takes a client parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/260d04edee23d8470057ea659c16fb8a2c7b0dc2\"\u003e\u003ccode\u003e260d04e\u003c/code\u003e\u003c/a\u003e Fix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/eb37124bbbec6ccbfba3699d8960f9710d330ad8\"\u003e\u003ccode\u003eeb37124\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/778\"\u003e#778\u003c/a\u003e from shc261392/fix-httpx-oauth1-form-data-incorrect-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0ba9ec4feeb8e19f572c454e2d1dbbdc1d30ae62\"\u003e\u003ccode\u003e0ba9ec4\u003c/code\u003e\u003c/a\u003e docs: fix guide on requests self signed certificate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a2e9943815bb5161863b1fa144ac0aaa50d97e91\"\u003e\u003ccode\u003ea2e9943\u003c/code\u003e\u003c/a\u003e docs: indicate that \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/743\"\u003e#743\u003c/a\u003e needs a migration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/06015d20652a23eff8350b6ad71b32fe41dae4ba\"\u003e\u003ccode\u003e06015d2\u003c/code\u003e\u003c/a\u003e test: factorize the token fixture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9ec42561cd1a81b518598d252f8adbcf446f7419\"\u003e\u003ccode\u003e9ec4256\u003c/code\u003e\u003c/a\u003e chore: release 1.6.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.3.1...v1.6.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.0.1 to 8.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/seperman/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdating deprecated pydantic calls\u003c/li\u003e\n\u003cli\u003eSwitching to pyproject.toml\u003c/li\u003e\n\u003cli\u003eFix for moving nested tables when using iterable_compare_func.  by\u003c/li\u003e\n\u003cli\u003eFix recursion depth limit when hashing numpy.datetime64\u003c/li\u003e\n\u003cli\u003eMoving from legacy setuptools use to pyproject.toml\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epytz is not required.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdding BaseOperatorPlus base class for custom operators\u003c/li\u003e\n\u003cli\u003edefault_timezone can be passed now to set your default timezone to something other than UTC.\u003c/li\u003e\n\u003cli\u003eNew summarization algorithm that produces valid json\u003c/li\u003e\n\u003cli\u003eBetter type hint support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.1.1\u003c/h2\u003e\n\u003cp\u003eAdding Python 3.13 to setup.py\u003c/p\u003e\n\u003ch2\u003e8.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoving deprecated lines from setup.py\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eprefix\u003c/code\u003e option to \u003ccode\u003epretty()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixes hashing of numpy boolean values.\u003c/li\u003e\n\u003cli\u003eFixes \u003cstrong\u003eslots\u003c/strong\u003e comparison when the attribute doesn't exist.\u003c/li\u003e\n\u003cli\u003eRelaxing orderly-set reqs\u003c/li\u003e\n\u003cli\u003eAdded Python 3.13 support\u003c/li\u003e\n\u003cli\u003eOnly lower if clean_key is instance of str \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/504\"\u003e#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes issue where the key deep_distance is not returned when both compared items are equal \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/510\"\u003e#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes exclude_paths fails to work in certain cases\u003c/li\u003e\n\u003cli\u003eexclude_paths fails to work \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/509\"\u003e#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys\u003c/li\u003e\n\u003cli\u003eto_dict() method chokes on standard json.dumps() kwargs  \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/490\"\u003e#490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty\u003c/li\u003e\n\u003cli\u003eFixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/508\"\u003e#508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/388a60ecd1c033de3f2302ade67e386a8875b6be\"\u003e\u003ccode\u003e388a60e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/seperman/deepdiff/issues/557\"\u003e#557\u003c/a\u003e from seperman/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/0978fb88240b0d3daaf327d26b7fbcf85360578c\"\u003e\u003ccode\u003e0978fb8\u003c/code\u003e\u003c/a\u003e adding docs for 8.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/d469a4c34c6b65cab25088b0d3963561b80acf9b\"\u003e\u003ccode\u003ed469a4c\u003c/code\u003e\u003c/a\u003e making type hints compatible with old python\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/e16507c15c9069e9011ba4e298a2ec031c68cd3f\"\u003e\u003ccode\u003ee16507c\u003c/code\u003e\u003c/a\u003e fixing type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seperman/deepdiff/commit/33de0874bbc356ae83e74157f105a516e4db3d7a\"\u003e\u003ccode\u003e33de087\u003c/code\u003e\u003c/a\u003e adding type hints to search\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/seperman/deepdiff/compare/8.0.1...8.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dspy` from 2.5.6 to 3.0.4b1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stanfordnlp/dspy/releases\"\u003edspy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.4b1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eGEPA + Other Optimizers\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GEPA usage tracking with tuple outputs by \u003ca href=\"https://github.com/smec-cgint\"\u003e\u003ccode\u003e@​smec-cgint\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8739\"\u003e#8739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd custom instruction_proposer support to GEPA with multimodal (dspy.Image) handling by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8737\"\u003e#8737\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance logging for valset usage in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8770\"\u003e#8770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feature] GEPA: Add custom component selection logic support by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8765\"\u003e#8765\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MLFLow \u0026lt;\u0026gt; GEPA support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8763\"\u003e#8763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate optimization overview with data split guidance by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8792\"\u003e#8792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add comprehensive instruction_proposer documentation and examples for GEPA by \u003ca href=\"https://github.com/andressrg\"\u003e\u003ccode\u003e@​andressrg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8775\"\u003e#8775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce gepa_kwargs for passing custom kwargs to gepa.optimize by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate callback metadata during GEPA minibatch eval by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8835\"\u003e#8835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in GEPA warning by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8840\"\u003e#8840\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate gepa[dspy] dependency version to 0.0.17; Potential fix for load from state not working in GEPA by \u003ca href=\"https://github.com/LakshyAAAgrawal\"\u003e\u003ccode\u003e@​LakshyAAAgrawal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSIMBA Improvements by \u003ca href=\"https://github.com/klopsahlong\"\u003e\u003ccode\u003e@​klopsahlong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Type\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Anthropic Citation API support by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8721\"\u003e#8721\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd api reference for citations and document by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8801\"\u003e#8801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow custom type to be streamed and use native response by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8778\"\u003e#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix example code for Citations by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImage \u0026amp; Multimodal Support\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate Image from_* helpers in favor of flexible constructor by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8771\"\u003e#8771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCache Image.format for better throughput by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8842\"\u003e#8842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(dspy.Image): Adds a test with ReAct that has an Image tool by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes \u0026amp; Type Handling\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8703\"\u003e#8703\u003c/a\u003e - fixing module and feedback mismatch by \u003ca href=\"https://github.com/Lucas-Fernandes-Martins\"\u003e\u003ccode\u003e@​Lucas-Fernandes-Martins\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8777\"\u003e#8777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix value parsing and add tests by \u003ca href=\"https://github.com/chenmoneygithub\"\u003e\u003ccode\u003e@​chenmoneygithub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8774\"\u003e#8774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse doubly-encoded base type in json.parse by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8814\"\u003e#8814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unexpected parsing of Optional[str] fields when string has brackets or braces by \u003ca href=\"https://github.com/sontanon\"\u003e\u003ccode\u003e@​sontanon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8805\"\u003e#8805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse mcp.ClientSession for type hint by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8826\"\u003e#8826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for callpreprocess by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8827\"\u003e#8827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow DummyLM answers dict values to be of any type to work with a wider range of signatures by \u003ca href=\"https://github.com/BenMcH\"\u003e\u003ccode\u003e@​BenMcH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8803\"\u003e#8803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the crash when usage tracker is enabled with non-prediction output by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFallback to memory cache when disk is not available by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8718\"\u003e#8718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebug(lm): Avoid unnecessary cache key computation by \u003ca href=\"https://github.com/isaacbmiller\"\u003e\u003ccode\u003e@​isaacbmiller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay metric=0 in eval table by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8817\"\u003e#8817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd save/load to Embeddings by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation \u0026amp; Tutorials\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinor document changes by \u003ca href=\"https://github.com/Navanit-git\"\u003e\u003ccode\u003e@​Navanit-git\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8722\"\u003e#8722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc page to learn tool usage in DSPy by \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8709\"\u003e#8709\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/b71a1182e993e38fac788c753502264d3df44756\"\u003e\u003ccode\u003eb71a118\u003c/code\u003e\u003c/a\u003e Use importorskip for PIL in ReAct test (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8870\"\u003e#8870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/c33718da61afa7e95fc2a870532d46aae1c95eca\"\u003e\u003ccode\u003ec33718d\u003c/code\u003e\u003c/a\u003e Fix example code for Citations (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/930632ab13ebb7590d60455c806b1fde70589908\"\u003e\u003ccode\u003e930632a\u003c/code\u003e\u003c/a\u003e bug(lm): Avoid unnecessary cache key computation (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8862\"\u003e#8862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2f9e9a01a181b4f6f864088be1c8ee984c95e404\"\u003e\u003ccode\u003e2f9e9a0\u003c/code\u003e\u003c/a\u003e Update gepa[dspy] dependency version to 0.0.17 (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8859\"\u003e#8859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/9542e566fdad99c3653321fddb50767871e8c376\"\u003e\u003ccode\u003e9542e56\u003c/code\u003e\u003c/a\u003e SIMBA Improvements (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8766\"\u003e#8766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/baa6f82b72020c499633b08833d63d2545316a41\"\u003e\u003ccode\u003ebaa6f82\u003c/code\u003e\u003c/a\u003e test(dspy.Image): Adds a test with ReAct that has an Image tool (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8855\"\u003e#8855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/92997073e07e68241677fd32efcc55a2daee30ea\"\u003e\u003ccode\u003e9299707\u003c/code\u003e\u003c/a\u003e Add save/load to Embeddings (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8818\"\u003e#8818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/e4330465d576e0cfd2ee13b85d8c231a8861e3f5\"\u003e\u003ccode\u003ee433046\u003c/code\u003e\u003c/a\u003e Fix the crash when usage tracker is enabled with non-prediction output (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8831\"\u003e#8831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/12b2b998682955cfecfffdc402c452be149c10b0\"\u003e\u003ccode\u003e12b2b99\u003c/code\u003e\u003c/a\u003e Introduce gepa_kwargs for passing custom kwargs to gepa.optimize (\u003ca href=\"https://redirect.github.com/stanfordnlp/dspy/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stanfordnlp/dspy/commit/2e97da4dccdaca710faaa8ac9f6620e6cd6e7499\"\u003e\u003ccode\u003e2e97da4\u003c/code\u003e\u003c/a\u003e docs: Add comprehensive instruction_proposer documentation and examples for G...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/stanfordnlp/dspy/compare/2.5.6...3.0.4b1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.3 (2026-02-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:\u003ccode\u003e495\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(ci): add trailing blank line after changelog entries :pr:\u003ccode\u003e492\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.2 (2026-02-16)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:\u003ccode\u003e491\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(test): resolve flaky write non-starvation test :pr:\u003ccode\u003e490\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: restructure using Diataxis framework :pr:\u003ccode\u003e489\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.1 (2026-02-15)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(soft): resolve Windows deadlock and test race condition :pr:\u003ccode\u003e488\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.24.0 (2026-02-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(lock): add lifetime parameter for lock expiration (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/68\"\u003e#68\u003c/a\u003e) :pr:\u003ccode\u003e486\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(lock): add cancel_check to acquire (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/309\"\u003e#309\u003c/a\u003e) :pr:\u003ccode\u003e487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(api): detect same-thread self-deadlock :pr:\u003ccode\u003e481\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(mode): respect POSIX default ACLs (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/378\"\u003e#378\u003c/a\u003e) :pr:\u003ccode\u003e483\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(win): eliminate lock file race in threaded usage :pr:\u003ccode\u003e484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(lock): add poll_interval to constructor :pr:\u003ccode\u003e482\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(unix): auto-fallback to SoftFileLock on ENOSYS :pr:\u003ccode\u003e480\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.23.0 (2026-02-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e📝 docs: move from Unlicense to MIT :pr:\u003ccode\u003e479\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e📝 docs: add fasteners to similar libraries :pr:\u003ccode\u003e478\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.22.0 (2026-02-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(soft): skip stale detection on Windows :pr:\u003ccode\u003e477\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(soft): detect and break stale locks :pr:\u003ccode\u003e476\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.1.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.4 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}...\n\n_Description has been truncated_\n\n---\n## EntelligenceAI PR Summary \n Comprehensive Python dependency update upgrading lock file revision and major framework versions with significant dependency restructuring.\n- FastAPI upgraded to 0.133.0 with new type inspection dependencies\n- dspy upgraded to 3.0.4b1 with major dependency changes (removed datasets, added 8 new packages)\n- torch upgraded to 2.8.0 with additional NVIDIA CUDA support libraries\n- litellm upgraded to 1.72.6.post2, migrating from requests to httpx\n- authlib, deepdiff, and multiple HTTP libraries (h11, h2, hpack, httpcore, hyperframe, filelock) upgraded to latest versions\n- Added upload timestamps to package metadata for improved traceability \n\n\n---\n\n## Confidence Score: 5/5 - Safe to Merge\n\n- No review comments were generated, indicating the PR appears clean\n- Zero critical, significant, or high-risk issues detected by heuristic analysis\n- No existing unresolved comments that would block merging\n- All heuristic indicators point to a safe merge with maximum allowed score of 5/5\n","html_url":"https://github.com/patrik-fredon/langflow/pull/96","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrik-fredon%2Flangflow/issues/96","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/96/packages"}},{"old_version":"4.1.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-02-20T23:08:13.000Z","version_change":"4.1.0 → 4.3.0","issue":{"uuid":"3970741594","node_id":"PR_kwDOQ767ts7FR0pP","number":2,"state":"closed","title":"Bump the pip group across 16 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-21T00:03:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-20T23:08:13.000Z","updated_at":"2026-02-21T00:03:45.000Z","time_to_close":3330,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":9,"packages":[{"name":"flask","old_version":"3.1.0","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"requests","old_version":"2.32.3","new_version":"2.32.4","repository_url":"https://github.com/psf/requests"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 3 updates in the /sample-apps/django-mysql directory: [requests](https://github.com/psf/requests), [sqlparse](https://github.com/andialbrecht/sqlparse) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /sample-apps/django-mysql-gunicorn directory: [requests](https://github.com/psf/requests), [sqlparse](https://github.com/andialbrecht/sqlparse), [urllib3](https://github.com/urllib3/urllib3) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /sample-apps/django-postgres-gunicorn directory: [requests](https://github.com/psf/requests), [sqlparse](https://github.com/andialbrecht/sqlparse), [urllib3](https://github.com/urllib3/urllib3) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /sample-apps/fastapi-postgres-uvicorn directory: [requests](https://github.com/psf/requests), [h11](https://github.com/python-hyper/h11), [urllib3](https://github.com/urllib3/urllib3) and [starlette](https://github.com/Kludex/starlette).\nBumps the pip group with 4 updates in the /sample-apps/flask-clickhouse-uwsgi directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-mongo directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [werkzeug](https://github.com/pallets/werkzeug) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /sample-apps/flask-mssql directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-mysql directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-mysql-uwsgi directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-openai directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-postgres directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /sample-apps/flask-postgres-gevent directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /sample-apps/flask-postgres-xml directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 6 updates in the /sample-apps/quart-mongo directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n\nBumps the pip group with 6 updates in the /sample-apps/quart-postgres-uvicorn directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.4` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` |\n| [h2](https://github.com/python-hyper/h2) | `4.1.0` | `4.3.0` |\n\nBumps the pip group with 3 updates in the /sample-apps/starlette-postgres-uvicorn directory: [requests](https://github.com/psf/requests), [h11](https://github.com/python-hyper/h11) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `requests` from 2.32.3 to 2.32.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6965\"\u003e#6965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS.\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd\"\u003e\u003ccode\u003e021dc72\u003c/code\u003e\u003c/a\u003e Polish up release tooling for last manual release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396\"\u003e\u003ccode\u003e821770e\u003c/code\u003e\u003c/a\u003e Bump version and add release notes for v2.32.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401\"\u003e\u003ccode\u003e59f8aa2\u003c/code\u003e\u003c/a\u003e Add netrc file search information to authentication documentation (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6876\"\u003e#6876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b\"\u003e\u003ccode\u003e5b4b64c\u003c/code\u003e\u003c/a\u003e Add more tests to prevent regression of CVE 2024 47081\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae\"\u003e\u003ccode\u003e7bc4587\u003c/code\u003e\u003c/a\u003e Add new test to check netrc auth leak (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6962\"\u003e#6962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef\"\u003e\u003ccode\u003e96ba401\u003c/code\u003e\u003c/a\u003e Only use hostname to do netrc lookup instead of netloc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2\"\u003e\u003ccode\u003e7341690\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psf/requests/issues/6951\"\u003e#6951\u003c/a\u003e from tswast/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0\"\u003e\u003ccode\u003e6716d7c\u003c/code\u003e\u003c/a\u003e remove links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae\"\u003e\u003ccode\u003ea7e1c74\u003c/code\u003e\u003c/a\u003e Update docs/conf.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f\"\u003e\u003ccode\u003ec799b81\u003c/code\u003e\u003c/a\u003e docs: fix dead links to kenreitz.org\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.32.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlparse` from 0.5.3 to 0.5.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG\"\u003esqlparse's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.5.4 (Nov 28, 2025)\u003c/h2\u003e\n\u003cp\u003eEnhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd type annotations to top-level API functions and include py.typed marker\nfor PEP 561 compliance, enabling type checking with mypy and other tools\n(issue756).\u003c/li\u003e\n\u003cli\u003eAdd pre-commit hook support. sqlparse can now be used as a pre-commit hook\nto automatically format SQL files. The CLI now supports multiple files and\nan \u003ccode\u003e--in-place\u003c/code\u003e flag for in-place editing (issue537).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eATTACH\u003c/code\u003e and \u003ccode\u003eDETACH\u003c/code\u003e to PostgreSQL keywords (pr808).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eINTERSECT\u003c/code\u003e to close keywords in WHERE clause (pr820).\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eREGEXP BINARY\u003c/code\u003e comparison operator (pr817).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug Fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd additional protection against denial of service attacks when parsing\nvery large lists of tuples. This enhances the existing recursion protections\nwith configurable limits for token processing to prevent DoS through\nalgorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,\nMAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)\nif needed for legitimate large SQL statements.\u003c/li\u003e\n\u003cli\u003eRemove shebang from cli.py and remove executable flag (pr818).\u003c/li\u003e\n\u003cli\u003eFix strip_comments not removing all comments when input contains only\ncomments (issue801, pr803 by stropysh).\u003c/li\u003e\n\u003cli\u003eFix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END\nblocks (issue812).\u003c/li\u003e\n\u003cli\u003eFix splitting on semicolons inside BEGIN...END blocks (issue809).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/14e300b165b14d1a7662a071c6481b503d367528\"\u003e\u003ccode\u003e14e300b\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/96a67e286963b2497b1b3f7a1378327af6661998\"\u003e\u003ccode\u003e96a67e2\u003c/code\u003e\u003c/a\u003e Code cleanup.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1a3bfbd50b82c05d9adcc51bacba059671dc1bc7\"\u003e\u003ccode\u003e1a3bfbd\u003c/code\u003e\u003c/a\u003e Fix handling of semicolons inside BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/809\"\u003e#809\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/e92a032c81d51a6645b4f8c32470481894818ba0\"\u003e\u003ccode\u003ee92a032\u003c/code\u003e\u003c/a\u003e Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/812\"\u003e#812\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/149bebf06c788e93a9b0dbee0e5abbc8e347b8e6\"\u003e\u003ccode\u003e149bebf\u003c/code\u003e\u003c/a\u003e Update Changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/561a67e740e9623cf81ef99f1a6cd94337e24282\"\u003e\u003ccode\u003e561a67e\u003c/code\u003e\u003c/a\u003e Update AUTHORS.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/73c8ba3ae88b608d39740c0776fb15064232258e\"\u003e\u003ccode\u003e73c8ba3\u003c/code\u003e\u003c/a\u003e bugfix ISSUE_801; Remove all comments when only comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1b323879f87207946e4782812e2e1254b1c0c659\"\u003e\u003ccode\u003e1b32387\u003c/code\u003e\u003c/a\u003e Update action to run on all prs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/31903e09db518ee3969110073427196ef9cd46c3\"\u003e\u003ccode\u003e31903e0\u003c/code\u003e\u003c/a\u003e Add pre-commit hook support (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/537\"\u003e#537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/13577264eb38b88e24825022fea4bd4351449e7c\"\u003e\u003ccode\u003e1357726\u003c/code\u003e\u003c/a\u003e docs: add AGENTS.md for project guidance and development commands\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/andialbrecht/sqlparse/compare/0.5.3...0.5.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.32.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6965\"\u003e#6965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS.\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd\"\u003e\u003ccode\u003e021dc72\u003c/code\u003e\u003c/a\u003e Polish up release tooling for last manual release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396\"\u003e\u003ccode\u003e821770e\u003c/code\u003e\u003c/a\u003e Bump version and add release notes for v2.32.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401\"\u003e\u003ccode\u003e59f8aa2\u003c/code\u003e\u003c/a\u003e Add netrc file search information to authentication documentation (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6876\"\u003e#6876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b\"\u003e\u003ccode\u003e5b4b64c\u003c/code\u003e\u003c/a\u003e Add more tests to prevent regression of CVE 2024 47081\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae\"\u003e\u003ccode\u003e7bc4587\u003c/code\u003e\u003c/a\u003e Add new test to check netrc auth leak (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6962\"\u003e#6962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef\"\u003e\u003ccode\u003e96ba401\u003c/code\u003e\u003c/a\u003e Only use hostname to do netrc lookup instead of netloc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2\"\u003e\u003ccode\u003e7341690\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psf/requests/issues/6951\"\u003e#6951\u003c/a\u003e from tswast/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0\"\u003e\u003ccode\u003e6716d7c\u003c/code\u003e\u003c/a\u003e remove links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae\"\u003e\u003ccode\u003ea7e1c74\u003c/code\u003e\u003c/a\u003e Update docs/conf.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f\"\u003e\u003ccode\u003ec799b81\u003c/code\u003e\u003c/a\u003e docs: fix dead links to kenreitz.org\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.32.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlparse` from 0.5.3 to 0.5.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG\"\u003esqlparse's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.5.4 (Nov 28, 2025)\u003c/h2\u003e\n\u003cp\u003eEnhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd type annotations to top-level API functions and include py.typed marker\nfor PEP 561 compliance, enabling type checking with mypy and other tools\n(issue756).\u003c/li\u003e\n\u003cli\u003eAdd pre-commit hook support. sqlparse can now be used as a pre-commit hook\nto automatically format SQL files. The CLI now supports multiple files and\nan \u003ccode\u003e--in-place\u003c/code\u003e flag for in-place editing (issue537).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eATTACH\u003c/code\u003e and \u003ccode\u003eDETACH\u003c/code\u003e to PostgreSQL keywords (pr808).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eINTERSECT\u003c/code\u003e to close keywords in WHERE clause (pr820).\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eREGEXP BINARY\u003c/code\u003e comparison operator (pr817).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug Fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd additional protection against denial of service attacks when parsing\nvery large lists of tuples. This enhances the existing recursion protections\nwith configurable limits for token processing to prevent DoS through\nalgorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,\nMAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)\nif needed for legitimate large SQL statements.\u003c/li\u003e\n\u003cli\u003eRemove shebang from cli.py and remove executable flag (pr818).\u003c/li\u003e\n\u003cli\u003eFix strip_comments not removing all comments when input contains only\ncomments (issue801, pr803 by stropysh).\u003c/li\u003e\n\u003cli\u003eFix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END\nblocks (issue812).\u003c/li\u003e\n\u003cli\u003eFix splitting on semicolons inside BEGIN...END blocks (issue809).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/14e300b165b14d1a7662a071c6481b503d367528\"\u003e\u003ccode\u003e14e300b\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/96a67e286963b2497b1b3f7a1378327af6661998\"\u003e\u003ccode\u003e96a67e2\u003c/code\u003e\u003c/a\u003e Code cleanup.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1a3bfbd50b82c05d9adcc51bacba059671dc1bc7\"\u003e\u003ccode\u003e1a3bfbd\u003c/code\u003e\u003c/a\u003e Fix handling of semicolons inside BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/809\"\u003e#809\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/e92a032c81d51a6645b4f8c32470481894818ba0\"\u003e\u003ccode\u003ee92a032\u003c/code\u003e\u003c/a\u003e Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/812\"\u003e#812\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/149bebf06c788e93a9b0dbee0e5abbc8e347b8e6\"\u003e\u003ccode\u003e149bebf\u003c/code\u003e\u003c/a\u003e Update Changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/561a67e740e9623cf81ef99f1a6cd94337e24282\"\u003e\u003ccode\u003e561a67e\u003c/code\u003e\u003c/a\u003e Update AUTHORS.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/73c8ba3ae88b608d39740c0776fb15064232258e\"\u003e\u003ccode\u003e73c8ba3\u003c/code\u003e\u003c/a\u003e bugfix ISSUE_801; Remove all comments when only comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1b323879f87207946e4782812e2e1254b1c0c659\"\u003e\u003ccode\u003e1b32387\u003c/code\u003e\u003c/a\u003e Update action to run on all prs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/31903e09db518ee3969110073427196ef9cd46c3\"\u003e\u003ccode\u003e31903e0\u003c/code\u003e\u003c/a\u003e Add pre-commit hook support (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/537\"\u003e#537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/13577264eb38b88e24825022fea4bd4351449e7c\"\u003e\u003ccode\u003e1357726\u003c/code\u003e\u003c/a\u003e docs: add AGENTS.md for project guidance and development commands\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/andialbrecht/sqlparse/compare/0.5.3...0.5.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.3 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.32.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6965\"\u003e#6965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS.\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd\"\u003e\u003ccode\u003e021dc72\u003c/code\u003e\u003c/a\u003e Polish up release tooling for last manual release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396\"\u003e\u003ccode\u003e821770e\u003c/code\u003e\u003c/a\u003e Bump version and add release notes for v2.32.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401\"\u003e\u003ccode\u003e59f8aa2\u003c/code\u003e\u003c/a\u003e Add netrc file search information to authentication documentation (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6876\"\u003e#6876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b\"\u003e\u003ccode\u003e5b4b64c\u003c/code\u003e\u003c/a\u003e Add more tests to prevent regression of CVE 2024 47081\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae\"\u003e\u003ccode\u003e7bc4587\u003c/code\u003e\u003c/a\u003e Add new test to check netrc auth leak (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6962\"\u003e#6962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef\"\u003e\u003ccode\u003e96ba401\u003c/code\u003e\u003c/a\u003e Only use hostname to do netrc lookup instead of netloc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2\"\u003e\u003ccode\u003e7341690\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psf/requests/issues/6951\"\u003e#6951\u003c/a\u003e from tswast/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0\"\u003e\u003ccode\u003e6716d7c\u003c/code\u003e\u003c/a\u003e remove links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae\"\u003e\u003ccode\u003ea7e1c74\u003c/code\u003e\u003c/a\u003e Update docs/conf.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f\"\u003e\u003ccode\u003ec799b81\u003c/code\u003e\u003c/a\u003e docs: fix dead links to kenreitz.org\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.32.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlparse` from 0.5.3 to 0.5.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG\"\u003esqlparse's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.5.4 (Nov 28, 2025)\u003c/h2\u003e\n\u003cp\u003eEnhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd type annotations to top-level API functions and include py.typed marker\nfor PEP 561 compliance, enabling type checking with mypy and other tools\n(issue756).\u003c/li\u003e\n\u003cli\u003eAdd pre-commit hook support. sqlparse can now be used as a pre-commit hook\nto automatically format SQL files. The CLI now supports multiple files and\nan \u003ccode\u003e--in-place\u003c/code\u003e flag for in-place editing (issue537).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eATTACH\u003c/code\u003e and \u003ccode\u003eDETACH\u003c/code\u003e to PostgreSQL keywords (pr808).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eINTERSECT\u003c/code\u003e to close keywords in WHERE clause (pr820).\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eREGEXP BINARY\u003c/code\u003e comparison operator (pr817).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug Fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd additional protection against denial of service attacks when parsing\nvery large lists of tuples. This enhances the existing recursion protections\nwith configurable limits for token processing to prevent DoS through\nalgorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,\nMAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)\nif needed for legitimate large SQL statements.\u003c/li\u003e\n\u003cli\u003eRemove shebang from cli.py and remove executable flag (pr818).\u003c/li\u003e\n\u003cli\u003eFix strip_comments not removing all comments when input contains only\ncomments (issue801, pr803 by stropysh).\u003c/li\u003e\n\u003cli\u003eFix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END\nblocks (issue812).\u003c/li\u003e\n\u003cli\u003eFix splitting on semicolons inside BEGIN...END blocks (issue809).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/14e300b165b14d1a7662a071c6481b503d367528\"\u003e\u003ccode\u003e14e300b\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/96a67e286963b2497b1b3f7a1378327af6661998\"\u003e\u003ccode\u003e96a67e2\u003c/code\u003e\u003c/a\u003e Code cleanup.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1a3bfbd50b82c05d9adcc51bacba059671dc1bc7\"\u003e\u003ccode\u003e1a3bfbd\u003c/code\u003e\u003c/a\u003e Fix handling of semicolons inside BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/809\"\u003e#809\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/e92a032c81d51a6645b4f8c32470481894818ba0\"\u003e\u003ccode\u003ee92a032\u003c/code\u003e\u003c/a\u003e Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/812\"\u003e#812\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/149bebf06c788e93a9b0dbee0e5abbc8e347b8e6\"\u003e\u003ccode\u003e149bebf\u003c/code\u003e\u003c/a\u003e Update Changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/561a67e740e9623cf81ef99f1a6cd94337e24282\"\u003e\u003ccode\u003e561a67e\u003c/code\u003e\u003c/a\u003e Update AUTHORS.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/73c8ba3ae88b608d39740c0776fb15064232258e\"\u003e\u003ccode\u003e73c8ba3\u003c/code\u003e\u003c/a\u003e bugfix ISSUE_801; Remove all comments when only comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/1b323879f87207946e4782812e2e1254b1c0c659\"\u003e\u003ccode\u003e1b32387\u003c/code\u003e\u003c/a\u003e Update action to run on all prs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/31903e09db518ee3969110073427196ef9cd46c3\"\u003e\u003ccode\u003e31903e0\u003c/code\u003e\u003c/a\u003e Add pre-commit hook support (fixes \u003ca href=\"https://redirect.github.com/andialbrecht/sqlparse/issues/537\"\u003e#537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/andialbrecht/sqlparse/commit/13577264eb38b88e24825022fea4bd4351449e7c\"\u003e\u003ccode\u003e1357726\u003c/code\u003e\u003c/a\u003e docs: add AGENTS.md for project guidance and development commands\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/andialbrecht/sqlparse/compare/0.5.3...0.5.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 i...\n\n_Description has been truncated_","html_url":"https://github.com/saimonmize-afk/firewall-python/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/saimonmize-afk%2Ffirewall-python/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"4.1.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-02-14T21:21:50.000Z","version_change":"4.1.0 → 4.3.0","issue":{"uuid":"3942371124","node_id":"PR_kwDORJXmGM7D06sO","number":124,"state":"open","title":"Bump h2 from 4.1.0 to 4.3.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-14T21:21:50.000Z","updated_at":"2026-02-14T21:21:51.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"h2","old_version":"4.1.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.1.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 (2025-02-01)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.6 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.7 has been removed.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.8 has been removed.\u003c/li\u003e\n\u003cli\u003eRemove mistakenly set \u003ccode\u003emax_inbound_frame_size\u003c/code\u003e attribute on \u003ccode\u003eH2Stream\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.11 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.12 has been added.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.13 has been added.\u003c/li\u003e\n\u003cli\u003eAdd an ability to send outbound cookies separately to improve headers compression.\u003c/li\u003e\n\u003cli\u003eUpdated packaging and testing infrastructure.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix repr() checks for Python 3.11\u003c/li\u003e\n\u003cli\u003eFix asyncio / wsgi examples.\u003c/li\u003e\n\u003cli\u003eClarify docs on using curl with http2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.1.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=pip\u0026previous-version=4.1.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/masonj0/favplc/pull/124","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/masonj0%2Ffavplc/issues/124","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/124/packages"}},{"old_version":"4.2.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-02-11T12:14:05.000Z","version_change":"4.2.0 → 4.3.0","issue":{"uuid":"3926224208","node_id":"PR_kwDOGfceZM7C_NDj","number":4591,"state":"closed","title":"chore(deps): bump h2 from 4.2.0 to 4.3.0","user":"dependabot[bot]","labels":["Dependencies","Triage Required :hospital:","pr/external","pr/internal","size: small","area/dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-12T07:27:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-11T12:14:05.000Z","updated_at":"2026-02-12T07:28:38.000Z","time_to_close":69213,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.2.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=uv\u0026previous-version=4.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/litestar-org/litestar/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/litestar-org/litestar/pull/4591","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/litestar-org%2Flitestar/issues/4591","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4591/packages"}},{"old_version":"4.2.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-02-05T16:10:02.000Z","version_change":"4.2.0 → 4.3.0","issue":{"uuid":"3902366190","node_id":"PR_kwDOPK4oDM7BxNWw","number":43,"state":"open","title":"build(deps): bump the uv group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-05T16:10:02.000Z","updated_at":"2026-02-05T16:11:10.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":7,"packages":[{"name":"urllib3","old_version":"2.5.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"azure-core","old_version":"1.35.0","new_version":"1.38.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"cbor2","old_version":"5.6.5","new_version":"5.8.0","repository_url":"https://github.com/agronholm/cbor2"},{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"orjson","old_version":"3.10.18","new_version":"3.11.5","repository_url":"https://github.com/ijl/orjson"},{"name":"protobuf","old_version":"6.31.1","new_version":"6.33.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/pyasn1/pyasn1"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.35.0` | `1.38.0` |\n| [cbor2](https://github.com/agronholm/cbor2) | `5.6.5` | `5.8.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.2.0` | `4.3.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.18` | `3.11.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.31.1` | `6.33.5` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |\n\n\nUpdates `urllib3` from 2.5.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `azure-core` from 1.35.0 to 1.38.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/releases\"\u003eazure-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eazure-core_1.38.0\u003c/h2\u003e\n\u003ch2\u003e1.38.0 (2026-01-12)\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eChanged the continuation token format. Continuation tokens generated by previous versions of azure-core are not compatible with this version.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eazure-core_1.37.0\u003c/h2\u003e\n\u003ch2\u003e1.37.0 (2025-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eget_backcompat_attr_name\u003c/code\u003e to \u003ccode\u003eazure.core.serialization\u003c/code\u003e. \u003ccode\u003eget_backcompat_attr_name\u003c/code\u003e gets the backcompat name of an attribute using backcompat attribute access.  \u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44084\"\u003e#44084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6d2e6431ea0991861640e449e51e894247a7771a\"\u003e\u003ccode\u003e6d2e643\u003c/code\u003e\u003c/a\u003e update release date (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44609\"\u003e#44609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/ca2b965d8cce6eaa135fe01804b96164b56b7f16\"\u003e\u003ccode\u003eca2b965\u003c/code\u003e\u003c/a\u003e [Core] Prep release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44590\"\u003e#44590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fb8cbea1b9d85135f7ba99bfc6cbc2f3cee138ff\"\u003e\u003ccode\u003efb8cbea\u003c/code\u003e\u003c/a\u003e Introduce new version of continuation token (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44574\"\u003e#44574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6578a78f6a7429bbe73e27ebe904d7f362d7efa2\"\u003e\u003ccode\u003e6578a78\u003c/code\u003e\u003c/a\u003e [Core] Increment version for core release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44398\"\u003e#44398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/a69a3c26f3a3ed0c9e5a888d991ad447754ad00b\"\u003e\u003ccode\u003ea69a3c2\u003c/code\u003e\u003c/a\u003e add example to demo how to use truststore (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44343\"\u003e#44343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/5ade1087ec6a425d7639eefcff206ceffdf3d48f\"\u003e\u003ccode\u003e5ade108\u003c/code\u003e\u003c/a\u003e Bumping the targeted \u003ccode\u003ehttpx\u003c/code\u003e for \u003ccode\u003eazure-core-experimental\u003c/code\u003e dev reqs (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44328\"\u003e#44328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/cbb1db62711eae72aca1b2bbeedcbd7e02d21109\"\u003e\u003ccode\u003ecbb1db6\u003c/code\u003e\u003c/a\u003e [core] add tests and fix backcompat functions (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44084\"\u003e#44084\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/4adcc524b09e09e4916f1280a32f9802cc798788\"\u003e\u003ccode\u003e4adcc52\u003c/code\u003e\u003c/a\u003e [Core] Support timeout error in requests+aiohttp transports (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43201\"\u003e#43201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fd709673eacbebc1107d998f217a131fa3394326\"\u003e\u003ccode\u003efd70967\u003c/code\u003e\u003c/a\u003e [Core] Increment version for core release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43435\"\u003e#43435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/b52527cdfdeff6b6aab4b93a87d4402b1403ce89\"\u003e\u003ccode\u003eb52527c\u003c/code\u003e\u003c/a\u003e [Core] Update TypeHandlerRegistry typing (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43393\"\u003e#43393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-core_1.35.0...azure-core_1.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cbor2` from 5.6.5 to 5.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/cbor2/releases\"\u003ecbor2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/267\"\u003e#267\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReset shared reference state at the start of each top-level encode/decode operation (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/266\"\u003e#266\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved performance on decoding large definite bytestrings (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003e#240\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003eagronholm/cbor2#240\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/dwpaley\"\u003e\u003ccode\u003e@​dwpaley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a read(-1) vulnerability caused by boundary handling error (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003e#264\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003eagronholm/cbor2#264\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/tylzh97\"\u003e\u003ccode\u003e@​tylzh97\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14 (no free-threading support yet, sorry)\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/247\"\u003e#247\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/247\"\u003eagronholm/cbor2#247\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for encoding indefinite containers (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/256\"\u003e#256\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/256\"\u003eagronholm/cbor2#256\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/CZDanol\"\u003e\u003ccode\u003e@​CZDanol\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded complex number support (tag 43000) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/249\"\u003e#249\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/249\"\u003eagronholm/cbor2#249\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/chillenb\"\u003e\u003ccode\u003e@​chillenb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c77cea8e0d77aebdb6eea051433352a1de824ff1\"\u003e\u003ccode\u003ec77cea8\u003c/code\u003e\u003c/a\u003e Removed macos-13 from the OS matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/2320d95d93dbd1da5926a90351ccbfa78dfb70bc\"\u003e\u003ccode\u003e2320d95\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/9ff48e3ce4ec3f0f2db8752558756b9e95dbc3d0\"\u003e\u003ccode\u003e9ff48e3\u003c/code\u003e\u003c/a\u003e Updated pre-commit modules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/22acea4740f244e2d2f500a62501be08fb9506b1\"\u003e\u003ccode\u003e22acea4\u003c/code\u003e\u003c/a\u003e Updated the version history entry for \u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c368bb394e8c8dd73669fdfa4cba633728ca20ae\"\u003e\u003ccode\u003ec368bb3\u003c/code\u003e\u003c/a\u003e Fixed the links and the semver declaration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824\"\u003e\u003ccode\u003efb4ee16\u003c/code\u003e\u003c/a\u003e Added a read-ahead buffer to the C decoder (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/0bcf400a4575edce046ecdd2f9ab73ee606d8863\"\u003e\u003ccode\u003e0bcf400\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 5 updates (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/269\"\u003e#269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/7aa6cad1840176affdbee97568cabfb2ef9ff566\"\u003e\u003ccode\u003e7aa6cad\u003c/code\u003e\u003c/a\u003e Added dependabot config for GitHub actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/6409f6aa994969333fd69c2688996d3e7aad9fc3\"\u003e\u003ccode\u003e6409f6a\u003c/code\u003e\u003c/a\u003e Added a security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/403c2ce3d61ce5ddc2d2143127baf31b7ab4a75c\"\u003e\u003ccode\u003e403c2ce\u003c/code\u003e\u003c/a\u003e Fixed nested shareable in arrays (python decoder only) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/cbor2/compare/5.6.5...5.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.2.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `orjson` from 3.10.18 to 3.11.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.5\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PyPI project metadata when using maturin 1.9.2 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix build using Rust 1.89 on amd64.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.85 or later instead of 1.82.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePublish PyPI wheels for CPython 3.14.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003estr\u003c/code\u003e on big-endian architectures.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.0\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse a deserialization buffer allocated per request instead of a shared buffer allocated on import.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.14 beta 4.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.5 - 2025-12-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4 - 2025-10-24\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PyPI project metadata when using maturin 1.9.2 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.2 - 2025-08-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix build using Rust 1.89 on amd64.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.85 or later instead of 1.82.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.1 - 2025-07-25\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePublish PyPI wheels for CPython 3.14.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003estr\u003c/code\u003e on big-endian architectures. This was introduced in 3.11.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.0 - 2025-07-15\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/fb3eb1f729c7e7b019f780af5695722c99c7c695\"\u003e\u003ccode\u003efb3eb1f\u003c/code\u003e\u003c/a\u003e 3.11.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/52688e02c51c845cde24a46cd1011a6010d10eb8\"\u003e\u003ccode\u003e52688e0\u003c/code\u003e\u003c/a\u003e Record contributors in headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/dc083e87d5262e7dde3ba4b1d2a377b5b065a27c\"\u003e\u003ccode\u003edc083e8\u003c/code\u003e\u003c/a\u003e Further compatibility and build misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/18f0186d47fbadd53c9db4e39a442d5b04225418\"\u003e\u003ccode\u003e18f0186\u003c/code\u003e\u003c/a\u003e Compatibility and build misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/a4fdeb3aff125d501ec0dd0577f9b38b2b977b4f\"\u003e\u003ccode\u003ea4fdeb3\u003c/code\u003e\u003c/a\u003e 3.11.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/2e80d68afacafca8751e6a64ca05d0d4087dbd15\"\u003e\u003ccode\u003e2e80d68\u003c/code\u003e\u003c/a\u003e unlikely to cold_path, remove intrinsics\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/27edea92f8da2fdfc3f1342474e2f1686f1edf55\"\u003e\u003ccode\u003e27edea9\u003c/code\u003e\u003c/a\u003e FFI through crate::ffi, partial non-CPython compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/416a8c9578da780d0d58b5e6b751793deafc610d\"\u003e\u003ccode\u003e416a8c9\u003c/code\u003e\u003c/a\u003e Unconditionally build yyjson\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/c8c1a17dca8436a2fee05ca060febd096e653d98\"\u003e\u003ccode\u003ec8c1a17\u003c/code\u003e\u003c/a\u003e edition 2024\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/af4179a1fa0aafffd0f867203b6c36e9a522f165\"\u003e\u003ccode\u003eaf4179a\u003c/code\u003e\u003c/a\u003e build maintenance, panic_immediate_abort break, test 3.15\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ijl/orjson/compare/3.10.18...3.11.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 6.31.1 to 6.33.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/f1ed02e41c193a66741572185bab94d34f43daec\"\u003e\u003ccode\u003ef1ed02e\u003c/code\u003e\u003c/a\u003e Package pyasn1 with pyproject.toml (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/93c4d4f0b6af84c13517b5700104ac57fb6d3fe5\"\u003e\u003ccode\u003e93c4d4f\u003c/code\u003e\u003c/a\u003e Switch documentation user to pyasn1 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/89\"\u003e#89\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/authentik/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n🔧 This PR updates 7 Python dependencies in the uv group, including critical security fixes for urllib3 and pyasn1, along with feature updates and performance improvements across multiple packages.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Updates**: urllib3 updated from 2.5.0 to 2.6.3 with fixes for decompression bomb vulnerabilities (CVE-2026-21441, CVE-2025-66471, CVE-2025-66418)\n- **ASN.1 Security**: pyasn1 updated from 0.6.1 to 0.6.2 with fix for OID/RELATIVE-OID decoder vulnerability (CVE-2026-23490)\n- **Azure SDK**: azure-core updated from 1.35.0 to 1.38.0 with breaking changes to continuation token format\n- **Performance Improvements**: cbor2 updated from 5.6.5 to 5.8.0 with 20-140% performance gains through readahead buffering\n- **Protocol Updates**: h2 updated from 4.2.0 to 4.3.0 with stricter header validation and dataclass conversion\n- **JSON Processing**: orjson updated from 3.10.18 to 3.11.5 with Python 3.14/3.15 compatibility\n- **Protocol Buffers**: protobuf updated from 6.31.1 to 6.33.5 with extensive breaking changes and new features\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 7 Package Updates]\n    B --\u003e C[Security Fixes]\n    B --\u003e D[Feature Updates]\n    B --\u003e E[Performance Improvements]\n    \n    C --\u003e F[urllib3: Decompression Bomb Fixes]\n    C --\u003e G[pyasn1: OID Decoder Fix]\n    \n    D --\u003e H[azure-core: New Continuation Token Format]\n    D --\u003e I[h2: Stricter Header Validation]\n    D --\u003e J[protobuf: Breaking API Changes]\n    \n    E --\u003e K[cbor2: Readahead Buffering]\n    E --\u003e L[orjson: Per-request Buffer Allocation]\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple high-severity vulnerabilities in HTTP processing and ASN.1 parsing\n- **Performance Boost**: Significant improvements in CBOR decoding (20-140%) and JSON processing efficiency\n- **Compatibility**: Adds support for Python 3.14/3.15 while maintaining backward compatibility for most packages\n- **Breaking Changes**: azure-core continuation tokens and protobuf APIs require attention during deployment\n- **Reliability**: Improved error handling and stricter validation across HTTP/2 and protocol buffer processing\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/authentik/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fauthentik/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"}},{"old_version":"4.2.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-01-28T02:30:02.000Z","version_change":"4.2.0 → 4.3.0","issue":{"uuid":"3863248355","node_id":"PR_kwDOOtp8w86_vjXW","number":173,"state":"open","title":"chore(deps): bump h2 from 4.2.0 to 4.3.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-28T02:30:02.000Z","updated_at":"2026-01-28T02:32:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"}],"path":null,"ecosystem":"pip"},"body":"Bumps [h2](https://github.com/python-hyper/h2) from 4.2.0 to 4.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=h2\u0026package-manager=uv\u0026previous-version=4.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/andyngdz/exogen_backend/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/andyngdz/exogen_backend/pull/173","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/andyngdz%2Fexogen_backend/issues/173","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/173/packages"}},{"old_version":"4.2.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-01-22T19:38:40.000Z","version_change":"4.2.0 → 4.3.0","issue":{"uuid":"3844457584","node_id":"PR_kwDOPeaMis6-xusa","number":15,"state":"open","title":"chore(deps): bump the pip group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-22T19:38:40.000Z","updated_at":"2026-01-22T19:38:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":8,"packages":[{"name":"filelock","old_version":"3.18.0","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"cbor2","old_version":"5.6.5","new_version":"5.8.0","repository_url":"https://github.com/agronholm/cbor2"},{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.2","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"wheel","old_version":"0.45.1","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"},{"name":"pip","old_version":"25.0.1","new_version":"25.3","repository_url":"https://github.com/pypa/pip"},{"name":"starlette","old_version":"0.47.2","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 8 updates in the /requirements directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.18.0` | `3.20.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.6.3` |\n| [cbor2](https://github.com/agronholm/cbor2) | `5.6.5` | `5.8.0` |\n| [h2](https://github.com/python-hyper/h2) | `4.2.0` | `4.3.0` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.2` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `25.3` |\n| [starlette](https://github.com/Kludex/starlette) | `0.47.2` | `0.49.1` |\n\n\nUpdates `filelock` from 3.18.0 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.18.0...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cbor2` from 5.6.5 to 5.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/cbor2/releases\"\u003ecbor2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/267\"\u003e#267\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReset shared reference state at the start of each top-level encode/decode operation (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/266\"\u003e#266\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved performance on decoding large definite bytestrings (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003e#240\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/240\"\u003eagronholm/cbor2#240\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/dwpaley\"\u003e\u003ccode\u003e@​dwpaley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a read(-1) vulnerability caused by boundary handling error (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003e#264\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/264\"\u003eagronholm/cbor2#264\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/tylzh97\"\u003e\u003ccode\u003e@​tylzh97\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14 (no free-threading support yet, sorry)\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/247\"\u003e#247\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/247\"\u003eagronholm/cbor2#247\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for encoding indefinite containers (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/256\"\u003e#256\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/256\"\u003eagronholm/cbor2#256\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/CZDanol\"\u003e\u003ccode\u003e@​CZDanol\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded complex number support (tag 43000) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/249\"\u003e#249\u003c/a\u003e \u0026lt;\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/249\"\u003eagronholm/cbor2#249\u003c/a\u003e\u0026gt;_; PR by \u003ca href=\"https://github.com/chillenb\"\u003e\u003ccode\u003e@​chillenb\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c77cea8e0d77aebdb6eea051433352a1de824ff1\"\u003e\u003ccode\u003ec77cea8\u003c/code\u003e\u003c/a\u003e Removed macos-13 from the OS matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/2320d95d93dbd1da5926a90351ccbfa78dfb70bc\"\u003e\u003ccode\u003e2320d95\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/9ff48e3ce4ec3f0f2db8752558756b9e95dbc3d0\"\u003e\u003ccode\u003e9ff48e3\u003c/code\u003e\u003c/a\u003e Updated pre-commit modules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/22acea4740f244e2d2f500a62501be08fb9506b1\"\u003e\u003ccode\u003e22acea4\u003c/code\u003e\u003c/a\u003e Updated the version history entry for \u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c368bb394e8c8dd73669fdfa4cba633728ca20ae\"\u003e\u003ccode\u003ec368bb3\u003c/code\u003e\u003c/a\u003e Fixed the links and the semver declaration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824\"\u003e\u003ccode\u003efb4ee16\u003c/code\u003e\u003c/a\u003e Added a read-ahead buffer to the C decoder (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/0bcf400a4575edce046ecdd2f9ab73ee606d8863\"\u003e\u003ccode\u003e0bcf400\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 5 updates (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/269\"\u003e#269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/7aa6cad1840176affdbee97568cabfb2ef9ff566\"\u003e\u003ccode\u003e7aa6cad\u003c/code\u003e\u003c/a\u003e Added dependabot config for GitHub actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/6409f6aa994969333fd69c2688996d3e7aad9fc3\"\u003e\u003ccode\u003e6409f6a\u003c/code\u003e\u003c/a\u003e Added a security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/403c2ce3d61ce5ddc2d2143127baf31b7ab4a75c\"\u003e\u003ccode\u003e403c2ce\u003c/code\u003e\u003c/a\u003e Fixed nested shareable in arrays (python decoder only) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/cbor2/compare/5.6.5...5.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.2.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/f1ed02e41c193a66741572185bab94d34f43daec\"\u003e\u003ccode\u003ef1ed02e\u003c/code\u003e\u003c/a\u003e Package pyasn1 with pyproject.toml (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/93c4d4f0b6af84c13517b5700104ac57fb6d3fe5\"\u003e\u003ccode\u003e93c4d4f\u003c/code\u003e\u003c/a\u003e Switch documentation user to pyasn1 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/89\"\u003e#89\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.45.1 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point. The \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to \u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's imported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description field\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description\nfield\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.1 (2024-11-23)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in\nthe file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.0 (2024-11-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRefactored the \u003ccode\u003econvert\u003c/code\u003e command to not need setuptools to be installed\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't configure setuptools logging unless running \u003ccode\u003ebdist_wheel\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded a redirection from \u003ccode\u003ewheel.bdist_wheel.bdist_wheel\u003c/code\u003e to\n\u003ccode\u003esetuptools.command.bdist_wheel.bdist_wheel\u003c/code\u003e to improve compatibility with\n\u003ccode\u003esetuptools\u003c/code\u003e' latest fixes.\u003c/p\u003e\n\u003cp\u003eProjects are still advised to migrate away from the deprecated  module and import\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b\"\u003e\u003ccode\u003eeba4036\u003c/code\u003e\u003c/a\u003e Updated the version number for v0.46.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf\"\u003e\u003ccode\u003e557fb54\u003c/code\u003e\u003c/a\u003e Created a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef\"\u003e\u003ccode\u003e7a7d2de\u003c/code\u003e\u003c/a\u003e Fixed security issue around wheel unpack (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66\"\u003e\u003ccode\u003e41418fa\u003c/code\u003e\u003c/a\u003e Fixed test failures due to metadata normalization changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14\"\u003e\u003ccode\u003ec1d442b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d\"\u003e\u003ccode\u003e0bac882\u003c/code\u003e\u003c/a\u003e Update github actions environments (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63\"\u003e\u003ccode\u003ebe9f45b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3\"\u003e\u003ccode\u003e6244f08\u003c/code\u003e\u003c/a\u003e Update pre-commit ruff legacy alias (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f\"\u003e\u003ccode\u003e15b7577\u003c/code\u003e\u003c/a\u003e PEP 639 compliance (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f\"\u003e\u003ccode\u003efc8cb41\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Removed redundant Python version from the publish workflow (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/666\"\u003e#666\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/wheel/compare/0.45.1...0.46.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 25.0.1 to 25.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e25.3 (2025-10-24)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRemove support for the legacy \u003ccode\u003esetup.py develop\u003c/code\u003e editable method in setuptools\neditable installs; setuptools \u0026gt;= 64 is now required. (\u003ccode\u003e[#11457](https://github.com/pypa/pip/issues/11457) \u0026lt;https://github.com/pypa/pip/issues/11457\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove the deprecated \u003ccode\u003e--global-option\u003c/code\u003e and \u003ccode\u003e--build-option\u003c/code\u003e.\n\u003ccode\u003e--config-setting\u003c/code\u003e is now the only way to pass options to the build backend. (\u003ccode\u003e[#11859](https://github.com/pypa/pip/issues/11859) \u0026lt;https://github.com/pypa/pip/issues/11859\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate the \u003ccode\u003ePIP_CONSTRAINT\u003c/code\u003e environment variable for specifying build\nconstraints.\u003c/p\u003e\n\u003cp\u003eUse the \u003ccode\u003e--build-constraint\u003c/code\u003e option or the \u003ccode\u003ePIP_BUILD_CONSTRAINT\u003c/code\u003e environment variable\ninstead. When build constraints are used, \u003ccode\u003ePIP_CONSTRAINT\u003c/code\u003e no longer affects isolated build\nenvironments. To enable this behavior without specifying any build constraints, use\n\u003ccode\u003e--use-feature=build-constraint\u003c/code\u003e. (\u003ccode\u003e[#13534](https://github.com/pypa/pip/issues/13534) \u0026lt;https://github.com/pypa/pip/issues/13534\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove support for non-standard legacy wheel filenames. (\u003ccode\u003e[#13581](https://github.com/pypa/pip/issues/13581) \u0026lt;https://github.com/pypa/pip/issues/13581\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove support for the deprecated \u003ccode\u003esetup.py bdist_wheel\u003c/code\u003e mechanism. Consequently,\n\u003ccode\u003e--use-pep517\u003c/code\u003e is now always on, and \u003ccode\u003e--no-use-pep517\u003c/code\u003e has been removed. (\u003ccode\u003e[#6334](https://github.com/pypa/pip/issues/6334) \u0026lt;https://github.com/pypa/pip/issues/6334\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen :pep:\u003ccode\u003e658\u003c/code\u003e metadata is available, full distribution files are no longer downloaded when using \u003ccode\u003epip lock\u003c/code\u003e or \u003ccode\u003epip install --dry-run\u003c/code\u003e. (\u003ccode\u003e[#12603](https://github.com/pypa/pip/issues/12603) \u0026lt;https://github.com/pypa/pip/issues/12603\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAdd support for installing an editable requirement written as a Direct URL (\u003ccode\u003ePackageName @ URL\u003c/code\u003e). (\u003ccode\u003e[#13495](https://github.com/pypa/pip/issues/13495) \u0026lt;https://github.com/pypa/pip/issues/13495\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAdd support for build constraints via the \u003ccode\u003e--build-constraint\u003c/code\u003e option. This\nallows constraining the versions of packages used during the build process\n(e.g., setuptools) without affecting the final installation. (\u003ccode\u003e[#13534](https://github.com/pypa/pip/issues/13534) \u0026lt;https://github.com/pypa/pip/issues/13534\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eOn \u003ccode\u003eResolutionImpossible\u003c/code\u003e errors, include a note about causes with no candidates. (\u003ccode\u003e[#13588](https://github.com/pypa/pip/issues/13588) \u0026lt;https://github.com/pypa/pip/issues/13588\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eBuilding pip itself from source now uses flit-core instead of setuptools.\nThis does not affect how pip installs or builds packages you use. (\u003ccode\u003e[#13473](https://github.com/pypa/pip/issues/13473) \u0026lt;https://github.com/pypa/pip/issues/13473\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed \u003ccode\u003eVersion\u003c/code\u003e metadata entries and\nshow a sensible error message instead of crashing. (\u003ccode\u003e[#13443](https://github.com/pypa/pip/issues/13443) \u0026lt;https://github.com/pypa/pip/issues/13443\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePermit spaces between a filepath and extras in an install requirement. (\u003ccode\u003e[#13523](https://github.com/pypa/pip/issues/13523) \u0026lt;https://github.com/pypa/pip/issues/13523\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEnsure the self-check files in the cache have the same permissions as the rest of the cache. (\u003ccode\u003e[#13528](https://github.com/pypa/pip/issues/13528) \u0026lt;https://github.com/pypa/pip/issues/13528\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAvoid concurrency issues and improve performance when caching locally built wheels,\nespecially when the temporary build directory is on a different filesystem than the cache.\nThe wheel directory passed to the build backend is now a temporary subdirectory inside\nthe cache directory. (\u003ccode\u003e[#13540](https://github.com/pypa/pip/issues/13540) \u0026lt;https://github.com/pypa/pip/issues/13540\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eInclude relevant user-supplied constraints in logs when reporting dependency conflicts. (\u003ccode\u003e[#13545](https://github.com/pypa/pip/issues/13545) \u0026lt;https://github.com/pypa/pip/issues/13545\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a regression in configuration parsing that was turning a single value\ninto a list and thus leading to a validation error. (\u003ccode\u003e[#13548](https://github.com/pypa/pip/issues/13548) \u0026lt;https://github.com/pypa/pip/issues/13548\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFor Python versions that do not support :pep:\u003ccode\u003e706\u003c/code\u003e, pip will now raise an installation error for a\nsource distribution when it includes a symlink that points outside the source distribution archive. (\u003ccode\u003e[#13550](https://github.com/pypa/pip/issues/13550) \u0026lt;https://github.com/pypa/pip/issues/13550\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePrevent \u003ccode\u003e--user\u003c/code\u003e installs if \u003ccode\u003esite.ENABLE_USER_SITE\u003c/code\u003e is set to \u003ccode\u003eFalse\u003c/code\u003e. (\u003ccode\u003e[#8794](https://github.com/pypa/pip/issues/8794) \u0026lt;https://github.com/pypa/pip/issues/8794\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/a52069365063ea813fe3a3f8bac90397c9426d35\"\u003e\u003ccode\u003ea520693\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/0f2973eded07de7fcfe90d494763821172bc2c5f\"\u003e\u003ccode\u003e0f2973e\u003c/code\u003e\u003c/a\u003e Fix up authors by adding entry to \u003ccode\u003e.mailmap\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/87828dc11b18b657d95fed4dc4ed996ba032e4f8\"\u003e\u003ccode\u003e87828dc\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ce6a38ce06886f1f711226600a5b002df1b70453\"\u003e\u003ccode\u003ece6a38c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13628\"\u003e#13628\u003c/a\u003e from sbidoul/imp-doc-pep517-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ee16c815eb52190a3ffa6d9e19e7dac78a0a0c3e\"\u003e\u003ccode\u003eee16c81\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13629\"\u003e#13629\u003c/a\u003e from notatallshaw/bump-gone_in=\u0026quot;25.3\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3e227aafbfe5c464ce9f2fb72c446e29692ea6c2\"\u003e\u003ccode\u003e3e227aa\u003c/code\u003e\u003c/a\u003e Bump gone_in=\u0026quot;25.3\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/4ad18287837da0bc52feb8dce03f604809395e3b\"\u003e\u003ccode\u003e4ad1828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13495\"\u003e#13495\u003c/a\u003e from ichard26/feat/direct-editables\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/66ded3b043ae3e25d761ee092c1add0d98c9e4bf\"\u003e\u003ccode\u003e66ded3b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13570\"\u003e#13570\u003c/a\u003e from ShubhamNagure/fix-constraint-reporting-13545\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/67e8ac2fc9002bfec8d371ecbe1a8813c64b68e9\"\u003e\u003ccode\u003e67e8ac2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13588\"\u003e#13588\u003c/a\u003e from notatallshaw/hint-on-resolution-impossible-whe...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/990ca8a45149ea8980bd82699471fbabeeeec18c\"\u003e\u003ccode\u003e990ca8a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/8796\"\u003e#8796\u003c/a\u003e from pelson/honour_user_site\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...25.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 0.47.2 to 0.49.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.49.0...0.49.1\"\u003ehttps://github.com/Kludex/starlette/compare/0.49.0...0.49.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TheWesDias\"\u003e\u003ccode\u003e@​TheWesDias\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3017\"\u003eKludex/starlette#3017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gmos2104\"\u003e\u003ccode\u003e@​gmos2104\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003eKludex/starlette#3027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/secrett2633\"\u003e\u003ccode\u003e@​secrett2633\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003eKludex/starlette#2996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adam-sikora\"\u003e\u003ccode\u003e@​adam-sikora\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003eKludex/starlette#2976\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yakimka\"\u003e\u003ccode\u003e@​yakimka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2943\"\u003eKludex/starlette#2943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbeijen\"\u003e\u003ccode\u003e@​mbeijen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003eKludex/starlette#2939\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.47.3...0.48.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.47.3...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.1 (October 28, 2025)\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.49.0 (October 28, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (September 13, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.3 (August 24, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003easyncio.iscoroutinefunction\u003c/code\u003e for Python 3.12 and older \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2984\"\u003e#2984\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee\"\u003e\u003ccode\u003e7e4b742\u003c/code\u003e\u003c/a\u003e Version 0.49.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e\u003ccode\u003e4ea6e22\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee\"\u003e\u003ccode\u003e7d88ea6\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3046\"\u003e#3046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e\"\u003e\u003ccode\u003e26d66bb\u003c/code\u003e\u003c/a\u003e Do not pollute exception context in Middleware (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2976\"\u003e#2976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5\"\u003e\u003ccode\u003ea59397d\u003c/code\u003e\u003c/a\u003e Set encodings when reading config files (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2996\"\u003e#2996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372\"\u003e\u003ccode\u003e3b7f0cb\u003c/code\u003e\u003c/a\u003e test: add test for unknown status (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3035\"\u003e#3035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd\"\u003e\u003ccode\u003eb09ce1a\u003c/code\u003e\u003c/a\u003e docs: fix legibility issues on sponsorship page (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3039\"\u003e#3039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b\"\u003e\u003ccode\u003e0f0edcf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Add Marcelo Trylesinski to the license (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3025\"\u003e#3025\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8\"\u003e\u003ccode\u003e3912d63\u003c/code\u003e\u003c/a\u003e docs: add social icons (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3038\"\u003e#3038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad\"\u003e\u003ccode\u003e4915a93\u003c/code\u003e\u003c/a\u003e Add discord to README/docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/0.47.2...0.49.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/trizist/warehouse/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/trizist/warehouse/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/trizist%2Fwarehouse/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"4.2.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-01-19T04:26:25.000Z","version_change":"4.2.0 → 4.3.0","issue":{"uuid":"3827936557","node_id":"PR_kwDOF4uETc696oGp","number":700,"state":"open","title":"Deps: Bump the python-packages group across 1 directory with 22 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-19T04:26:25.000Z","updated_at":"2026-01-19T04:26:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Deps: Bump","group_name":"python-packages","update_count":22,"packages":[{"name":"psutil","old_version":"7.0.0","new_version":"7.2.1","repository_url":"https://github.com/giampaolo/psutil"},{"name":"python-gnupg","old_version":"0.5.4","new_version":"0.5.6","repository_url":"https://github.com/vsajip/python-gnupg"},{"name":"tomli","old_version":"2.2.1","new_version":"2.4.0","repository_url":"https://github.com/hukkin/tomli"},{"name":"coverage","old_version":"7.10.1","new_version":"7.10.7","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"pontos","old_version":"25.6.0","new_version":"25.8.1","repository_url":"https://github.com/greenbone/pontos"},{"name":"autohooks","old_version":"25.4.1","new_version":"25.11.0","repository_url":"https://github.com/greenbone/autohooks"},{"name":"anyio","old_version":"4.9.0","new_version":"4.12.1","repository_url":"https://github.com/agronholm/anyio"},{"name":"black","old_version":"25.1.0","new_version":"25.11.0","repository_url":"https://github.com/psf/black"},{"name":"certifi","old_version":"2025.7.14","new_version":"2026.1.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"colorful","old_version":"0.5.7","new_version":"0.5.8","repository_url":"https://github.com/timofurrer/colorful"},{"name":"exceptiongroup","old_version":"1.3.0","new_version":"1.3.1","repository_url":"https://github.com/agronholm/exceptiongroup"},{"name":"h2","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/python-hyper/h2"},{"name":"idna","old_version":"3.10","new_version":"3.11","repository_url":"https://github.com/kjd/idna"},{"name":"isort","old_version":"6.0.1","new_version":"6.1.0","repository_url":"https://github.com/PyCQA/isort"},{"name":"lxml","old_version":"6.0.0","new_version":"6.0.2","repository_url":"https://github.com/lxml/lxml"},{"name":"pathspec","old_version":"0.12.1","new_version":"1.0.3","repository_url":"https://github.com/cpburnz/python-pathspec"},{"name":"platformdirs","old_version":"4.3.8","new_version":"4.4.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"rich","old_version":"14.1.0","new_version":"14.2.0","repository_url":"https://github.com/Textualize/rich"},{"name":"ruff","old_version":"0.12.5","new_version":"0.14.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"shtab","old_version":"1.7.2","new_version":"1.8.0","repository_url":"https://github.com/iterative/shtab"},{"name":"tomlkit","old_version":"0.13.3","new_version":"0.14.0","repository_url":"https://github.com/sdispater/tomlkit"},{"name":"typing-extensions","old_version":"4.14.1","new_version":"4.15.0","repository_url":"https://github.com/python/typing_extensions"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 22 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [psutil](https://github.com/giampaolo/psutil) | `7.0.0` | `7.2.1` |\n| [python-gnupg](https://github.com/vsajip/python-gnupg) | `0.5.4` | `0.5.6` |\n| [tomli](https://github.com/hukkin/tomli) | `2.2.1` | `2.4.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.10.1` | `7.10.7` |\n| [pontos](https://github.com/greenbone/pontos) | `25.6.0` | `25.8.1` |\n| [autohooks](https://github.com/greenbone/autohooks) | `25.4.1` | `25.11.0` |\n| [anyio](https://github.com/agronholm/anyio) | `4.9.0` | `4.12.1` |\n| [black](https://github.com/psf/black) | `25.1.0` | `25.11.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2025.7.14` | `2026.1.4` |\n| [colorful](https://github.com/timofurrer/colorful) | `0.5.7` | `0.5.8` |\n| [exceptiongroup](https://github.com/agronholm/exceptiongroup) | `1.3.0` | `1.3.1` |\n| [h2](https://github.com/python-hyper/h2) | `4.2.0` | `4.3.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.11` |\n| [isort](https://github.com/PyCQA/isort) | `6.0.1` | `6.1.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.0` | `6.0.2` |\n| [pathspec](https://github.com/cpburnz/python-pathspec) | `0.12.1` | `1.0.3` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.3.8` | `4.4.0` |\n| [rich](https://github.com/Textualize/rich) | `14.1.0` | `14.2.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.12.5` | `0.14.13` |\n| [shtab](https://github.com/iterative/shtab) | `1.7.2` | `1.8.0` |\n| [tomlkit](https://github.com/sdispater/tomlkit) | `0.13.3` | `0.14.0` |\n| [typing-extensions](https://github.com/python/typing_extensions) | `4.14.1` | `4.15.0` |\n\n\nUpdates `psutil` from 7.0.0 to 7.2.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/giampaolo/psutil/blob/master/HISTORY.rst\"\u003epsutil's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e7.2.1\u003c/h1\u003e\n\u003cp\u003e2025-12-29\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e2699_, [FreeBSD], [NetBSD]: \u003ccode\u003eheap_info()\u003c/code\u003e_ does not detect small allocations\n(\u0026lt;= 1K). In order to fix that, we now flush internal jemalloc cache before\nfetching the metrics.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e7.2.0\u003c/h1\u003e\n\u003cp\u003e2025-12-23\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eEnhancements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e1275_: new \u003ccode\u003eheap_info()\u003c/code\u003e_ and \u003ccode\u003eheap_trim()\u003c/code\u003e_ functions, providing direct\naccess to the platform's native C heap allocator (glibc, mimalloc,\nlibmalloc). Useful to create tools to detect memory leaks.\u003c/li\u003e\n\u003cli\u003e2403_, [Linux]: publish wheels for Linux musl.\u003c/li\u003e\n\u003cli\u003e2680_: unit tests are no longer installed / part of the distribution. They\nnow live under \u003ccode\u003etests/\u003c/code\u003e instead of \u003ccode\u003epsutil/tests\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e2684_, [FreeBSD], [critical]: compilation fails on FreeBSD 14 due to missing\ninclude.\u003c/li\u003e\n\u003cli\u003e2691_, [Windows]: fix memory leak in \u003ccode\u003enet_if_stats()\u003c/code\u003e_ due to missing\n\u003ccode\u003ePy_CLEAR\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eCompatibility notes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e2680_: \u003ccode\u003eimport psutil.tests\u003c/code\u003e no longer works (but it was never documented to\nbegin with).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e7.1.3\u003c/h1\u003e\n\u003cp\u003e2025-11-02\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eEnhancements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e2667_: enforce \u003ccode\u003eclang-format\u003c/code\u003e on all C and header files. It is now the\nmandatory formatting style for all C sources.\u003c/li\u003e\n\u003cli\u003e2672_, [macOS], [BSD]: increase the chances to recognize zombie processes and\nraise the appropriate exception (\u003ccode\u003eZombieProcess\u003c/code\u003e_).\u003c/li\u003e\n\u003cli\u003e2676_, 2678_: replace unsafe \u003ccode\u003esprintf\u003c/code\u003e / \u003ccode\u003esnprintf\u003c/code\u003e / \u003ccode\u003esprintf_s\u003c/code\u003e calls with\n\u003ccode\u003estr_format()\u003c/code\u003e. Replace \u003ccode\u003estrlcat\u003c/code\u003e / \u003ccode\u003estrlcpy\u003c/code\u003e with safe \u003ccode\u003estr_copy\u003c/code\u003e /\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/6130c19da2d01383befa0dfca2371a792f8881af\"\u003e\u003ccode\u003e6130c19\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/giampaolo/psutil/issues/2699\"\u003e#2699\u003c/a\u003e / BSD: flush internal jemalloc cache before returning metrics.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/899ee4efa9c1943de14a5818853b6dc9c019eb4f\"\u003e\u003ccode\u003e899ee4e\u003c/code\u003e\u003c/a\u003e Mention psleak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/704e218db7da14e98a54f2aa9f93372d5900e0b4\"\u003e\u003ccode\u003e704e218\u003c/code\u003e\u003c/a\u003e Pre-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/1a946cfe738045cecf031222cd5078da21946af4\"\u003e\u003ccode\u003e1a946cf\u003c/code\u003e\u003c/a\u003e Take psleak from PYPI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/5085421cabed317d5e2f7164e6072b0be05ba4f1\"\u003e\u003ccode\u003e5085421\u003c/code\u003e\u003c/a\u003e Use external psleak module for memleak tests (\u003ca href=\"https://redirect.github.com/giampaolo/psutil/issues/2698\"\u003e#2698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/ac56e6ad0b7c08755a5542afdacb668ad164fd09\"\u003e\u003ccode\u003eac56e6a\u003c/code\u003e\u003c/a\u003e CI: don't cancel CI in progress on 1st failure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/10fe3d5e9372a504167b0a4df440ab949c0410fe\"\u003e\u003ccode\u003e10fe3d5\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of github.com:giampaolo/psutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/ba507bd26bbfe5d1bdc45d606c8979f9e6f632cb\"\u003e\u003ccode\u003eba507bd\u003c/code\u003e\u003c/a\u003e Fix various CI errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/d5a1398f0860c04883ef881c4760f32d14ef4abf\"\u003e\u003ccode\u003ed5a1398\u003c/code\u003e\u003c/a\u003e Update cpu_count docs: clarify differences from os.cpu_count (\u003ca href=\"https://redirect.github.com/giampaolo/psutil/issues/2696\"\u003e#2696\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/giampaolo/psutil/commit/556158f55fc3b2f1271b48c66c46912323cf8bec\"\u003e\u003ccode\u003e556158f\u003c/code\u003e\u003c/a\u003e Refact memleak.py\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/giampaolo/psutil/compare/release-7.0.0...release-7.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-gnupg` from 0.5.4 to 0.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vsajip/python-gnupg/releases\"\u003epython-gnupg's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eEnhancement and bug-fix release 0.5.6\u003c/h2\u003e\n\u003cp\u003eThis is an enhancement and bug-fix release, and all users are encouraged to upgrade.\u003c/p\u003e\n\u003cp\u003eBrief summary:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/261\"\u003e#261\u003c/a\u003e: Ensure capability, fingerprint and keygrip are added to subkey_info.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet username in the result when Verify uses a signing key that has expired or been revoked. Thanks to Steven Galgano for the patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release has been signed with my code signing key:\u003c/p\u003e\n\u003cp\u003eVinay Sajip (CODE SIGNING KEY) \u0026lt;vinay_sajip at yahoo.co.uk\u0026gt;\nFingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86\u003c/p\u003e\n\u003ch2\u003eEnhancement and bug-fix release 0.5.5\u003c/h2\u003e\n\u003cp\u003eThis is an enhancement and bug-fix release, and all users are encouraged to upgrade.\u003c/p\u003e\n\u003cp\u003eBrief summary:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/249\"\u003e#249\u003c/a\u003e: Handle fetching GPG version when not the first item in the configuration.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/250\"\u003e#250\u003c/a\u003e: Capture uid info in a uid_map attribute of ScanKeys/ListKeys.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/255\"\u003e#255\u003c/a\u003e: Improve handling of exceptions raised in background threads.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release has been signed with my code signing key:\u003c/p\u003e\n\u003cp\u003eVinay Sajip (CODE SIGNING KEY) \u0026lt;vinay_sajip at yahoo.co.uk\u0026gt;\nFingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/54e9ca0f80f5a0d0b4252e13d5c431f3f5f40c71\"\u003e\u003ccode\u003e54e9ca0\u003c/code\u003e\u003c/a\u003e Changes for 0.5.6.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/8825037344b03473595e694e01a1e0fa5e74023f\"\u003e\u003ccode\u003e8825037\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/909cf606f07097feb5316c265f0108a4c753f9a5\"\u003e\u003ccode\u003e909cf60\u003c/code\u003e\u003c/a\u003e Remove Travis CI and AppVeyor config (\u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/269\"\u003e#269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/f0bfa1acb7000cfff3bfdec5d9bff15299c364d3\"\u003e\u003ccode\u003ef0bfa1a\u003c/code\u003e\u003c/a\u003e Drop redundant \u003ccode\u003ewheel\u003c/code\u003e from PEP 517 build deps (\u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/9b0399b4684a1f8d9e763c99c94cd9baed5ebc34\"\u003e\u003ccode\u003e9b0399b\u003c/code\u003e\u003c/a\u003e Fix typo: spell decrypted_data correctly in the documentation. (\u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/263\"\u003e#263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/fcedea7ac922cf5113c28beff16e59340fa4731c\"\u003e\u003ccode\u003efcedea7\u003c/code\u003e\u003c/a\u003e Added capability to subkey_info, reformatted code.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/eca04eb5c9f5d251bb32a183427acb8fbe564102\"\u003e\u003ccode\u003eeca04eb\u003c/code\u003e\u003c/a\u003e Set username when Verify uses a signing key that has expired or been (\u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/acfa89869940b81a96c6eb1e475c1c4f645ae879\"\u003e\u003ccode\u003eacfa898\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/vsajip/python-gnupg/issues/261\"\u003e#261\u003c/a\u003e: Ensure fingerprint and keygrip are added to subkey_info.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/8148db43edf62ca8310000f0aaae138784c0e51b\"\u003e\u003ccode\u003e8148db4\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsajip/python-gnupg/commit/2e829849129d4789b8877fe621349b09ca5b29cd\"\u003e\u003ccode\u003e2e82984\u003c/code\u003e\u003c/a\u003e Added tag 0.5.5 for changeset 1b77f5b12ad7\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vsajip/python-gnupg/compare/0.5.4...0.5.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tomli` from 2.2.1 to 2.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hukkin/tomli/blob/master/CHANGELOG.md\"\u003etomli's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded\n\u003cul\u003e\n\u003cli\u003eTOML v1.1.0 compatibility\u003c/li\u003e\n\u003cli\u003eBinary wheels for Windows arm64\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded\n\u003cul\u003e\n\u003cli\u003eBinary wheels for Python 3.14 (also free-threaded)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ePerformance\n\u003cul\u003e\n\u003cli\u003eReduced import time\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/a678e6fdeffa89bd28e4ecc148b926a4e1bbbc7b\"\u003e\u003ccode\u003ea678e6f\u003c/code\u003e\u003c/a\u003e Bump version: 2.3.0 → 2.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/b8a1358cd4f3932b910333e0179270093596ce64\"\u003e\u003ccode\u003eb8a1358\u003c/code\u003e\u003c/a\u003e Tests: remove now needless \u0026quot;TOML compliance\u0026quot;-\u0026gt;\u0026quot;burntsushi\u0026quot; format conversion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/497937545351e0b4c8afe2299d5ddfb4a7e050cc\"\u003e\u003ccode\u003e4979375\u003c/code\u003e\u003c/a\u003e Update GitHub actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/f890dd1719da0e0f4e83cac39218ba2ded61fa94\"\u003e\u003ccode\u003ef890dd1\u003c/code\u003e\u003c/a\u003e Update pre-commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/d9c65c3379b8b92dfab52c8c694605b1aea5a65d\"\u003e\u003ccode\u003ed9c65c3\u003c/code\u003e\u003c/a\u003e Add 2.4.0 change log\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/0efe49d88c2d6ee38e3ad21bfcf64249968fe6c4\"\u003e\u003ccode\u003e0efe49d\u003c/code\u003e\u003c/a\u003e Update README for v2.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/9eb2125ef49071e673d42e383b5221a268665193\"\u003e\u003ccode\u003e9eb2125\u003c/code\u003e\u003c/a\u003e TOML 1.1: Make seconds optional in Date-Time and Time (\u003ca href=\"https://redirect.github.com/hukkin/tomli/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/12314bde5b89a8bdc32de7403a2a4cf786187bbc\"\u003e\u003ccode\u003e12314bd\u003c/code\u003e\u003c/a\u003e TOML 1.1: Add \\xHH Unicode escape code to basic strings (\u003ca href=\"https://redirect.github.com/hukkin/tomli/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/2a2aa62f1bc71b89b74d41dd2ab67b5dd24bc129\"\u003e\u003ccode\u003e2a2aa62\u003c/code\u003e\u003c/a\u003e TOML 1.1: Allow newlines and trailing comma in inline tables (\u003ca href=\"https://redirect.github.com/hukkin/tomli/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/38297f82cd0ef067f1afd2ffb8dfa73b65c398da\"\u003e\u003ccode\u003e38297f8\u003c/code\u003e\u003c/a\u003e Xfail on tests for TOML 1.1 features not yet supported\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hukkin/tomli/compare/2.2.1...2.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.10.1 to 7.10.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.10.7 — 2025-09-21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance: with branch coverage in large files, generating HTML, JSON, or\nLCOV reports could take far too long due to some quadratic behavior when\ncreating the function and class index pages.  This is now fixed, closing\n\u003ccode\u003eissue 2048\u003c/code\u003e_.  Thanks to Daniel Diniz for help diagnosing the problem.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMost warnings and a few errors now have links to a page in the docs\nexplaining the specific message.  Closes \u003ccode\u003eissue 1921\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1921: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1921\"\u003ecoveragepy/coveragepy#1921\u003c/a\u003e\n.. _issue 2048: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2048\"\u003ecoveragepy/coveragepy#2048\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-10-6:\u003c/p\u003e\n\u003ch2\u003eVersion 7.10.6 — 2025-08-29\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003esource\u003c/code\u003e directories were not properly communicated to subprocesses\nthat ran in different directories, as reported in \u003ccode\u003eissue 1499\u003c/code\u003e_.  This is now\nfixed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance: \u003ccode\u003eAlex Gaynor continues fine-tuning \u0026lt;pull 2038_\u0026gt;\u003c/code\u003e_ the speed of\ncombination, especially with many contexts.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1499: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1499\"\u003ecoveragepy/coveragepy#1499\u003c/a\u003e\n.. _pull 2038: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2038\"\u003ecoveragepy/coveragepy#2038\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-10-5:\u003c/p\u003e\n\u003ch2\u003eVersion 7.10.5 — 2025-08-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBig speed improvements for \u003ccode\u003ecoverage combine\u003c/code\u003e: it's now about twice as\nfast! Huge thanks to Alex Gaynor for pull requests \u003ccode\u003e2032 \u0026lt;pull 2032_\u0026gt;\u003c/code\u003e\u003cem\u003e,\n\u003ccode\u003e2033 \u0026lt;pull 2033_\u0026gt;\u003c/code\u003e\u003c/em\u003e, and \u003ccode\u003e2034 \u0026lt;pull 2034_\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _pull 2032: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2032\"\u003ecoveragepy/coveragepy#2032\u003c/a\u003e\n.. _pull 2033: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2033\"\u003ecoveragepy/coveragepy#2033\u003c/a\u003e\n.. _pull 2034: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2034\"\u003ecoveragepy/coveragepy#2034\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-10-4:\u003c/p\u003e\n\u003ch2\u003eVersion 7.10.4 — 2025-08-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/92a2af54e6bc948a9c536bd9b12bab70fb055904\"\u003e\u003ccode\u003e92a2af5\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.10.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/952afdaca658d5e1acdd533c727448a0b218caf0\"\u003e\u003ccode\u003e952afda\u003c/code\u003e\u003c/a\u003e docs: prep for 7.10.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/a301761e69da97b27662f395974d26f78fa8b2b5\"\u003e\u003ccode\u003ea301761\u003c/code\u003e\u003c/a\u003e build: riscv64 wheels (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2055\"\u003e#2055\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5daff8d38786aa540ff9bec622eb3389f117f911\"\u003e\u003ccode\u003e5daff8d\u003c/code\u003e\u003c/a\u003e docs: now source is formatted with ruff\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/04bbc3acfd914fdd99ffec9873bc03bdc7329357\"\u003e\u003ccode\u003e04bbc3a\u003c/code\u003e\u003c/a\u003e docs: discuss cog in the contributing docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c181b9315f59a81667da47cf3d760d0253872238\"\u003e\u003ccode\u003ec181b93\u003c/code\u003e\u003c/a\u003e build: use cog --check-fail-msg to instruct devs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/33c4ba196f49e0ee86ab0ff473c0876c0bacd5fa\"\u003e\u003ccode\u003e33c4ba1\u003c/code\u003e\u003c/a\u003e chore: make upgrade\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/0744b73b6b503ccf2cb75aba095c023672b921a8\"\u003e\u003ccode\u003e0744b73\u003c/code\u003e\u003c/a\u003e chore: bump the action-dependencies group across 1 directory with 2 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/0d5a112fc54c1d5a07f3f2ec451779808902c9af\"\u003e\u003ccode\u003e0d5a112\u003c/code\u003e\u003c/a\u003e perf: bulk narrowing to avoid N**2. \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2048\"\u003e#2048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/a868ed9269ca474748130f5c6360cd2aae66ffc8\"\u003e\u003ccode\u003ea868ed9\u003c/code\u003e\u003c/a\u003e docs: mention Python Discord on the index page\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.10.1...7.10.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pontos` from 25.6.0 to 25.8.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/greenbone/pontos/releases\"\u003epontos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epontos 25.8.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v25.8.0...v25.8.1\"\u003e25.8.1\u003c/a\u003e - 2025-08-20\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRust support for workspace.package.version \u003ca href=\"https://github.com/greenbone/pontos/commit/83e17f1a\"\u003e83e17f1a\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/checkout from 4.2.2 to 4.3.0 in the actions group \u003ca href=\"https://github.com/greenbone/pontos/commit/c2656f8e\"\u003ec2656f8e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump coverage from 7.10.3 to 7.10.4 in the python-packages group \u003ca href=\"https://github.com/greenbone/pontos/commit/18e2dee7\"\u003e18e2dee7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 25.8.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v25.7.2...v25.8.0\"\u003e25.8.0\u003c/a\u003e - 2025-08-12\u003c/h2\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake it possible to read [workspace.project] in cargo.toml \u003ca href=\"https://github.com/greenbone/pontos/commit/57ca3c2c\"\u003e57ca3c2c\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse 'Array' in cargo tests instead of 'Table' \u003ca href=\"https://github.com/greenbone/pontos/commit/cabc6ea7\"\u003ecabc6ea7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 3 updates \u003ca href=\"https://github.com/greenbone/pontos/commit/a5e524c5\"\u003ea5e524c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates \u003ca href=\"https://github.com/greenbone/pontos/commit/0be16215\"\u003e0be16215\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 25.7.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v25.7.1...v25.7.2\"\u003e25.7.2\u003c/a\u003e - 2025-07-30\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInvalid CVE configurations data for node schema \u003ca href=\"https://github.com/greenbone/pontos/commit/a6287f1e\"\u003ea6287f1e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 25.7.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v25.7.0...v25.7.1\"\u003e25.7.1\u003c/a\u003e - 2025-07-29\u003c/h2\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group across 1 directory with 4 updates \u003ca href=\"https://github.com/greenbone/pontos/commit/175a6401\"\u003e175a6401\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump starlette from 0.47.1 to 0.47.2 \u003ca href=\"https://github.com/greenbone/pontos/commit/073c944b\"\u003e073c944b\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 25.7.0\u003c/h2\u003e\n\u003ch2\u003e[25.7.0] - 2025-07-28\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eformat_date timespec and fallback timezone \u003ca href=\"https://github.com/greenbone/pontos/commit/12da523c\"\u003e12da523c\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/7189a16de789e0615402690cc905ba8dddc2c81f\"\u003e\u003ccode\u003e7189a16\u003c/code\u003e\u003c/a\u003e Automatic release to 25.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/83e17f1ad6786196013c53ff1331352a2175e496\"\u003e\u003ccode\u003e83e17f1\u003c/code\u003e\u003c/a\u003e Change: Rust support for workspace.package.version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/c2656f8e1ed6d6ec61db983c79d261ee5a54f107\"\u003e\u003ccode\u003ec2656f8\u003c/code\u003e\u003c/a\u003e Deps: Bump actions/checkout from 4.2.2 to 4.3.0 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/18e2dee7d7b754248e7817eed034517275d358aa\"\u003e\u003ccode\u003e18e2dee\u003c/code\u003e\u003c/a\u003e Deps: Bump coverage from 7.10.3 to 7.10.4 in the python-packages group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/69db3f909cb502fc05bd90d3c51fb84280462b22\"\u003e\u003ccode\u003e69db3f9\u003c/code\u003e\u003c/a\u003e Automatic adjustments after release [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/f004abbee5e6a726fefc0baeb2a1a44952ec54a4\"\u003e\u003ccode\u003ef004abb\u003c/code\u003e\u003c/a\u003e Automatic release to 25.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/cabc6ea7553d84e3f8888f27f5cc3af51f5b3168\"\u003e\u003ccode\u003ecabc6ea\u003c/code\u003e\u003c/a\u003e Fix: Use 'Array' in cargo tests instead of 'Table'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/57ca3c2c7d076ee78591f814f61035034d2b6ae4\"\u003e\u003ccode\u003e57ca3c2\u003c/code\u003e\u003c/a\u003e change: Make it possible to read [workspace.project] in cargo.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/a5e524c5fc927a2645925ccb261583c7bba5fe79\"\u003e\u003ccode\u003ea5e524c\u003c/code\u003e\u003c/a\u003e Deps: Bump the python-packages group with 3 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/0be162159d1760e0e120d3b1e0e0f113068a6d87\"\u003e\u003ccode\u003e0be1621\u003c/code\u003e\u003c/a\u003e Deps: Bump the python-packages group with 3 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/greenbone/pontos/compare/v25.6.0...v25.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `autohooks` from 25.4.1 to 25.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/greenbone/autohooks/releases\"\u003eautohooks's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eautohooks 25.11.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/autohooks/compare/v25.4.1...v25.11.0\"\u003e25.11.0\u003c/a\u003e - 2025-11-12\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs in utils.py \u003ca href=\"https://github.com/greenbone/autohooks/commit/72d35b5\"\u003e72d35b5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/20ebe2e\"\u003e20ebe2e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 2 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/23aa3ce\"\u003e23aa3ce\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump ruff from 0.14.1 to 0.14.2 in the dependencies group \u003ca href=\"https://github.com/greenbone/autohooks/commit/281256f\"\u003e281256f\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/854ad74\"\u003e854ad74\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 4 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/d300d01\"\u003ed300d01\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 3 to 4 in the dependencies group \u003ca href=\"https://github.com/greenbone/autohooks/commit/3a831d3\"\u003e3a831d3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group across 1 directory with 11 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/884f854\"\u003e884f854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 2 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/9c353bd\"\u003e9c353bd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump ruff from 0.12.11 to 0.12.12 in the dependencies group \u003ca href=\"https://github.com/greenbone/autohooks/commit/83b15f6\"\u003e83b15f6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 5 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/4406ed8\"\u003e4406ed8\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 5 in the dependencies group \u003ca href=\"https://github.com/greenbone/autohooks/commit/cb2ace3\"\u003ecb2ace3\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 7 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/cb1e5ed\"\u003ecb1e5ed\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group across 1 directory with 5 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/d9ea536\"\u003ed9ea536\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group across 1 directory with 7 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/a285e18\"\u003ea285e18\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/f86ae40\"\u003ef86ae40\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group across 1 directory with 8 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/6db3de9\"\u003e6db3de9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump urllib3 from 2.4.0 to 2.5.0 \u003ca href=\"https://github.com/greenbone/autohooks/commit/d7575e1\"\u003ed7575e1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 4 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/2a2d6c0\"\u003e2a2d6c0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/a34e40c\"\u003ea34e40c\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/8b38426\"\u003e8b38426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 2 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/0810181\"\u003e0810181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump ruff from 0.11.9 to 0.11.10 in the dependencies group \u003ca href=\"https://github.com/greenbone/autohooks/commit/e66e3b4\"\u003ee66e3b4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 4 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/389ddfc\"\u003e389ddfc\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 3 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/51dcf29\"\u003e51dcf29\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the dependencies group with 2 updates \u003ca href=\"https://github.com/greenbone/autohooks/commit/cc8c5e4\"\u003ecc8c5e4\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/fbc2f2e18e1d6687f1b75c405497eea097de90bf\"\u003e\u003ccode\u003efbc2f2e\u003c/code\u003e\u003c/a\u003e Automatic release to 25.11.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/20ebe2e89eb34bdef362dac45457b8e7d71a4a36\"\u003e\u003ccode\u003e20ebe2e\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group with 3 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/23aa3ce252f2c54ed35b531b841e9b2a62467532\"\u003e\u003ccode\u003e23aa3ce\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/5e4a2f39f633262257785c2eceb7e2dc3b727405\"\u003e\u003ccode\u003e5e4a2f3\u003c/code\u003e\u003c/a\u003e Fix  Add or Update detect-hidden-unicode.yml (\u003ca href=\"https://redirect.github.com/greenbone/autohooks/issues/753\"\u003e#753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/281256f4d84f740ce798171c23869503420321e2\"\u003e\u003ccode\u003e281256f\u003c/code\u003e\u003c/a\u003e Deps: Bump ruff from 0.14.1 to 0.14.2 in the dependencies group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/854ad742cb81790c087308de884608f33949ffa2\"\u003e\u003ccode\u003e854ad74\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group with 3 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/d300d01bcc7a964f5f27bf2ffdc0ffcf493498c1\"\u003e\u003ccode\u003ed300d01\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/3a831d333cd22e6e86cfe9ba5b7e6c4a2ce4594c\"\u003e\u003ccode\u003e3a831d3\u003c/code\u003e\u003c/a\u003e Deps: Bump github/codeql-action from 3 to 4 in the dependencies group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/884f854ec7daa9cbbec6d91e0a3f979919f75177\"\u003e\u003ccode\u003e884f854\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group across 1 directory with 11 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/autohooks/commit/9c353bdf19eeb1baaba2d73d225205cc8647bb8b\"\u003e\u003ccode\u003e9c353bd\u003c/code\u003e\u003c/a\u003e Deps: Bump the dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/greenbone/autohooks/compare/v25.4.1...v25.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.9.0 to 4.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.12.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged all functions currently raising the private \u003ccode\u003eNoCurrentAsyncBackend\u003c/code\u003e exception (since v4.12.0) to instead raise the public \u003ccode\u003eNoEventLoopError\u003c/code\u003e exception (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e not working with instance methods (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.12.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for asyncio's \u003ca href=\"https://docs.python.org/3/library/asyncio-graph.html\"\u003etask call graphs\u003c/a\u003e on Python 3.14 and later when using AnyIO's task groups (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1025\"\u003e#1025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded an asynchronous implementation of the \u003ccode\u003efunctools\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1001\"\u003e#1001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003euvloop=True\u003c/code\u003e on Windows via the \u003ca href=\"https://github.com/Vizonex/Winloop\"\u003ewinloop\u003c/a\u003e implementation (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/960\"\u003e#960\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Vizonex\"\u003e\u003ccode\u003e@​Vizonex\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded support for use as a context manager to \u003ccode\u003eanyio.lowlevel.RunVar\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1003\"\u003e#1003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003e__all__\u003c/code\u003e declarations to public submodules (\u003ccode\u003eanyio.lowlevel\u003c/code\u003e etc.) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1009\"\u003e#1009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the ability to set the token count of a \u003ccode\u003eCapacityLimiter\u003c/code\u003e to zero (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1019\"\u003e#1019\u003c/a\u003e; requires Python 3.10 or later when using Trio)\u003c/li\u003e\n\u003cli\u003eAdded parameters \u003ccode\u003ecase_sensitive\u003c/code\u003e and \u003ccode\u003erecurse_symlinks\u003c/code\u003e along with support for path-like objects to \u003ccode\u003eanyio.Path.glob()\u003c/code\u003e and \u003ccode\u003eanyio.Path.rglob()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1033\"\u003e#1033\u003c/a\u003e; PR by \u003ca href=\"https://github.com/northisup\"\u003e\u003ccode\u003e@​northisup\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped \u003ccode\u003esniffio\u003c/code\u003e as a direct dependency and added the \u003ccode\u003eget_available_backends()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1021\"\u003e#1021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcess.stdin.send()\u003c/code\u003e not raising \u003ccode\u003eClosedResourceError\u003c/code\u003e and \u003ccode\u003eBrokenResourceError\u003c/code\u003e on asyncio. Previously, a non-AnyIO exception was raised in such cases (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/671\"\u003e#671\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcess.stdin.send()\u003c/code\u003e not checkpointing before writing data on asyncio (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1002\"\u003e#1002\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a race condition where cancelling a \u003ccode\u003eFuture\u003c/code\u003e from \u003ccode\u003eBlockingPortal.start_task_soon()\u003c/code\u003e would sometimes not cancel the async function (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1011\"\u003e#1011\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the presence of the pytest plugin causing breakage with older versions of pytest (\u0026lt;= 6.1.2) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1028\"\u003e#1028\u003c/a\u003e; PR by \u003ca href=\"https://github.com/saper\"\u003e\u003ccode\u003e@​saper\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a rarely occurring \u003ccode\u003eRuntimeError: Set changed size during iteration\u003c/code\u003e while shutting down the process pool when using the asyncio backend (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/985\"\u003e#985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for cancellation reasons (the \u003ccode\u003ereason\u003c/code\u003e parameter to \u003ccode\u003eCancelScope.cancel()\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/975\"\u003e#975\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum version of Trio to v0.31.0\u003c/li\u003e\n\u003cli\u003eAdded the ability to enter the event loop from foreign (non-worker) threads by passing the return value of \u003ccode\u003eanyio.lowlevel.current_token()\u003c/code\u003e to \u003ccode\u003eanyio.from_thread.run()\u003c/code\u003e and \u003ccode\u003eanyio.from_thread.run_sync()\u003c/code\u003e as the \u003ccode\u003etoken\u003c/code\u003e keyword argument (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/256\"\u003e#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded pytest option (\u003ccode\u003eanyio_mode = \u0026quot;auto\u0026quot;\u003c/code\u003e) to make the pytest plugin automatically handle all async tests (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/971\"\u003e#971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003eanyio.Condition.wait_for()\u003c/code\u003e method for feature parity with asyncio (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/974\"\u003e#974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged the default type argument of \u003ccode\u003eanyio.abc.TaskStatus\u003c/code\u003e from \u003ccode\u003eAny\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/964\"\u003e#964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed TCP listener behavior to guarantee the same ephemeral port is used for all socket listeners when \u003ccode\u003elocal_port=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/857\"\u003e#857\u003c/a\u003e; PR by \u003ca href=\"https://github.com/11kkw\"\u003e\u003ccode\u003e@​11kkw\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/agronholm\"\u003e\u003ccode\u003e@​agronholm\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed inconsistency between Trio and asyncio where a TCP stream that previously raised a \u003ccode\u003eBrokenResourceError\u003c/code\u003e on \u003ccode\u003esend()\u003c/code\u003e would still raise \u003ccode\u003eBrokenResourceError\u003c/code\u003e after the stream was closed on asyncio, but \u003ccode\u003eClosedResourceError\u003c/code\u003e on Trio. They now both raise a \u003ccode\u003eClosedResourceError\u003c/code\u003e in this scenario. (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/671\"\u003e#671\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003efeed_data()\u003c/code\u003e method to the \u003ccode\u003eBufferedByteReceiveStream\u003c/code\u003e class, allowing users to inject data directly into the buffer\u003c/li\u003e\n\u003cli\u003eAdded various class methods to wrap existing sockets as listeners or socket streams:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSocketListener.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSocketStream.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eUNIXSocketStream.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eUDPSocket.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eConnectedUDPSocket.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eUNIXDatagramSocket.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eConnectedUNIXDatagramSocket.from_socket()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdded a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects\u003c/li\u003e\n\u003cli\u003eAdded context manager mix-in classes (\u003ccode\u003eanyio.ContextManagerMixin\u003c/code\u003e and \u003ccode\u003eanyio.AsyncContextManagerMixin\u003c/code\u003e) to help write classes that embed other context managers, particularly cancel scopes or task groups (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/905\"\u003e#905\u003c/a\u003e; PR by \u003ca href=\"https://github.com/agronholm\"\u003e\u003ccode\u003e@​agronholm\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/tapetersen\"\u003e\u003ccode\u003e@​tapetersen\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded the ability to specify the thread name in \u003ccode\u003estart_blocking_portal()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/818\"\u003e#818\u003c/a\u003e; PR by \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eanyio.notify_closing\u003c/code\u003e to allow waking \u003ccode\u003eanyio.wait_readable\u003c/code\u003e and \u003ccode\u003eanyio.wait_writable\u003c/code\u003e before closing a socket. Among other things, this prevents an OSError on the \u003ccode\u003eProactorEventLoop\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/896\"\u003e#896\u003c/a\u003e; PR by \u003ca href=\"https://github.com/graingert\"\u003e\u003ccode\u003e@​graingert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIncorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)\u003c/li\u003e\n\u003cli\u003eAdded a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's\u003c/li\u003e\n\u003cli\u003eUpdated the \u003ccode\u003eto_interpreters\u003c/code\u003e module to use the public \u003ccode\u003econcurrent.interpreters\u003c/code\u003e API on Python 3.14 or later\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path.copy()\u003c/code\u003e and \u003ccode\u003eanyio.Path.copy_into()\u003c/code\u003e failing on Python 3.14.0a7\u003c/li\u003e\n\u003cli\u003eFixed return annotation of \u003ccode\u003e__aexit__\u003c/code\u003e on async context managers. CMs which can suppress exceptions should return \u003ccode\u003ebool\u003c/code\u003e, or \u003ccode\u003eNone\u003c/code\u003e otherwise. (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/913\"\u003e#913\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Enegg\"\u003e\u003ccode\u003e@​Enegg\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed rollover boundary check in \u003ccode\u003eSpooledTemporaryFile\u003c/code\u003e so that rollover only occurs when the buffer size exceeds \u003ccode\u003emax_size\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/915\"\u003e#915\u003c/a\u003e; PR by \u003ca href=\"https://github.com/11kkw\"\u003e\u003ccode\u003e@​11kkw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated testing and documentation dependencies from extras to dependency groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/a0dccbd78d75886247ae7846b460fd390cc94fbd\"\u003e\u003ccode\u003ea0dccbd\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/e1121a735c977c00c18b3a581d28daf83a279833\"\u003e\u003ccode\u003ee1121a7\u003c/code\u003e\u003c/a\u003e Enabled tests for the 4.12.x branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/69ab43e549517ce554f84365fed9da90e806c303\"\u003e\u003ccode\u003e69ab43e\u003c/code\u003e\u003c/a\u003e Fixed \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e not working with methods (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1056\"\u003e#1056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/4f4b33ed56edd1bc4785a368a103ad8138730d91\"\u003e\u003ccode\u003e4f4b33e\u003c/code\u003e\u003c/a\u003e Remove \u003ccode\u003eBlockingPortal.__new__\u003c/code\u003e hack (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/af17d89b80ebbd526215e2dbd025b284730aaa3f\"\u003e\u003ccode\u003eaf17d89\u003c/code\u003e\u003c/a\u003e Replaced the NoCurrentAsyncBackend exception with NoEventLoopError (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/4310264312a2e86e792481bdb05bdb381678a6b5\"\u003e\u003ccode\u003e4310264\u003c/code\u003e\u003c/a\u003e Updated pre-commit modules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/0cc6723ba5a2fdaa98a24852d3681c4ed99b8863\"\u003e\u003ccode\u003e0cc6723\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/bc021b634291223d6829c0a689152173443a8545\"\u003e\u003ccode\u003ebc021b6\u003c/code\u003e\u003c/a\u003e Fixed the download-artifact settings to retain the expected behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/c6000aa2837f75733f3c09c454f5a31eb9f9f536\"\u003e\u003ccode\u003ec6000aa\u003c/code\u003e\u003c/a\u003e Corrected the format of the version in the changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9d1bfe0da4261bcef3c10cd31218237805a89937\"\u003e\u003ccode\u003e9d1bfe0\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.9.0...4.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 25.1.0 to 25.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e25.11.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable base 3.14 support (\u003ca href=\"https://redirect.github.com/psf/black/issues/4804\"\u003e#4804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for the new Python 3.14 t-string syntax introduced by PEP 750 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4805\"\u003e#4805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where comments between \u003ccode\u003e# fmt: off\u003c/code\u003e and \u003ccode\u003e# fmt: on\u003c/code\u003e were reformatted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4811\"\u003e#4811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eComments containing fmt directives now preserve their exact formatting instead of\nbeing normalized (\u003ca href=\"https://redirect.github.com/psf/black/issues/4811\"\u003e#4811\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove \u003ccode\u003emultiline_string_handling\u003c/code\u003e from \u003ccode\u003e--unstable\u003c/code\u003e to \u003ccode\u003e--preview\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4760\"\u003e#4760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix bug where module docstrings would be treated as normal strings if preceded by\ncomments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4764\"\u003e#4764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix bug where python 3.12 generics syntax split line happens weirdly (\u003ca href=\"https://redirect.github.com/psf/black/issues/4777\"\u003e#4777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStandardize type comments to form \u003ccode\u003e# type: \u0026lt;value\u0026gt;\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4645\"\u003e#4645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003efix_fmt_skip_in_one_liners\u003c/code\u003e preview feature to respect \u003ccode\u003e# fmt: skip\u003c/code\u003e for compound\nstatements with semicolon-separated bodies (\u003ca href=\"https://redirect.github.com/psf/black/issues/4800\"\u003e#4800\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eno_cache\u003c/code\u003e option to control caching behavior. (\u003ca href=\"https://redirect.github.com/psf/black/issues/4803\"\u003e#4803\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReleases now include arm64 Linux binaries (\u003ca href=\"https://redirect.github.com/psf/black/issues/4773\"\u003e#4773\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eWrite unchanged content to stdout when excluding formatting from stdin using pipes\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4610\"\u003e#4610\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplemented BlackDClient. This simple python client allows to easily send formatting\nrequests to blackd (\u003ca href=\"https://redirect.github.com/psf/black/issues/4774\"\u003e#4774\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eIntegrations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable 3.14 base CI (\u003ca href=\"https://redirect.github.com/psf/black/issues/4804\"\u003e#4804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnhance GitHub Action \u003ccode\u003epsf/black\u003c/code\u003e to support the \u003ccode\u003erequired-version\u003c/code\u003e major-version-only\n\u0026quot;stability\u0026quot; format when using pyproject.toml (\u003ca href=\"https://redirect.github.com/psf/black/issues/4770\"\u003e#4770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for vim plugin users. It now handles independently vim version\u003c/li\u003e\n\u003cli\u003eVim: Warn on unsupported Vim and Python versions independently (\u003ca href=\"https://redirect.github.com/psf/black/issues/4772\"\u003e#4772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVim: Print the import paths when importing black fails (\u003ca href=\"https://redirect.github.com/psf/black/issues/4675\"\u003e#4675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVim: Fix handling of virtualenvs that have a different Python version (\u003ca href=\"https://redirect.github.com/psf/black/issues/4675\"\u003e#4675\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e25.11.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable base 3.14 support (\u003ca href=\"https://redirect.github.com/psf/black/issues/4804\"\u003e#4804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for the new Python 3.14 t-string syntax introduced by PEP 750 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4805\"\u003e#4805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where comments between \u003ccode\u003e# fmt: off\u003c/code\u003e and \u003ccode\u003e# fmt: on\u003c/code\u003e were reformatted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4811\"\u003e#4811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eComments containing fmt directives now preserve their exact formatting instead of\nbeing normalized (\u003ca href=\"https://redirect.github.com/psf/black/issues/4811\"\u003e#4811\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove \u003ccode\u003emultiline_string_handling\u003c/code\u003e from \u003ccode\u003e--unstable\u003c/code\u003e to \u003ccode\u003e--preview\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4760\"\u003e#4760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix bug where module docstrings would be treated as normal strings if preceded by\ncomments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4764\"\u003e#4764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix bug where python 3.12 generics syntax split line happens weirdly (\u003ca href=\"https://redirect.github.com/psf/black/issues/4777\"\u003e#4777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStandardize type comments to form \u003ccode\u003e# type: \u0026lt;value\u0026gt;\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4645\"\u003e#4645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003efix_fmt_skip_in_one_liners\u003c/code\u003e preview feature to respect \u003ccode\u003e# fmt: skip\u003c/code\u003e for compound\nstatements with semicolon-separated bodies (\u003ca href=\"https://redirect.github.com/psf/black/issues/4800\"\u003e#4800\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eno_cache\u003c/code\u003e option to control caching behavior. (\u003ca href=\"https://redirect.github.com/psf/black/issues/4803\"\u003e#4803\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReleases now include arm64 Linux binaries (\u003ca href=\"https://redirect.github.com/psf/black/issues/4773\"\u003e#4773\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eWrite unchanged content to stdout when excluding formatting from stdin using pipes\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4610\"\u003e#4610\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplemented BlackDClient. This simple python client allows to easily send formatting\nrequests to blackd (\u003ca href=\"https://redirect.github.com/psf/black/issues/4774\"\u003e#4774\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eIntegrations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable 3.14 base CI (\u003ca href=\"https://redirect.github.com/psf/black/issues/4804\"\u003e#4804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnhance GitHub Action \u003ccode\u003epsf/black\u003c/code\u003e to support the \u003ccode\u003erequired-version\u003c/code\u003e major-version-only\n\u0026quot;stability\u0026quot; format when using pyproject.toml (\u003ca href=\"https://redirect.github.com/psf/black/issues/4770\"\u003e#4770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for vim plugin users. It now handles independently vim version\u003c/li\u003e\n\u003cli\u003eVim: Warn on unsupported Vim and Python versions independently (\u003ca href=\"https://redirect.github.com/psf/black/issues/4772\"\u003e#4772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVim: Print the import paths when importing black fails (\u003ca href=\"https://redirect.github.com/psf/black/issues/4675\"\u003e#4675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVim: Fix handling of virtualenvs that have a different Python version (\u003ca href=\"https://redirect.github.com/psf/black/issues/4675\"\u003e#4675\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/05f0a8ce1f71fbb36e1e032d3b518c7b945089a2\"\u003e\u003ccode\u003e05f0a8c\u003c/code\u003e\u003c/a\u003e Prepare for 25.11.0 release (\u003ca href=\"https://redirect.github.com/psf/black/issues/4825\"\u003e#4825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/ae17c61310e44401ca55d17a9c01db1dc03940a6\"\u003e\u003ccode\u003eae17c61\u003c/code\u003e\u003c/a\u003e Fix tests on pytest 9 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4835\"\u003e#4835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/138745eca650aa59ab30458f7b1c026b66608a09\"\u003e\u003ccode\u003e138745e\u003c/code\u003e\u003c/a\u003e Include Windows and Python 3.14 in PR wheel build matrix, fix Windows build (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/18170d6d8d9bdde97d4cd3568cfa8be434a09ff3\"\u003e\u003ccode\u003e18170d6\u003c/code\u003e\u003c/a\u003e ci: add label for running all builds on a pull request (\u003ca href=\"https://redirect.github.com/psf/black/issues/4833\"\u003e#4833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0e793e3d7e0d12dbda1573fa1bb785b1f066ee7c\"\u003e\u003ccode\u003e0e793e3\u003c/code\u003e\u003c/a\u003e fix windows wheels (\u003ca href=\"https://redirect.github.com/psf/black/issues/4830\"\u003e#4830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/b71f36c9fda07930c83e22681e0ec08ddf5a3980\"\u003e\u003ccode\u003eb71f36c\u003c/code\u003e\u003c/a\u003e Use build[uv] as cibuildwheel frontend (\u003ca href=\"https://redirect.github.com/psf/black/issues/4831\"\u003e#4831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/a7bd594493bb5cb703beee877a2df40556b0baaa\"\u003e\u003ccode\u003ea7bd594\u003c/code\u003e\u003c/a\u003e Skip free threaded builds in cibuildwheel (\u003ca href=\"https://redirect.github.com/psf/black/issues/4829\"\u003e#4829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/862dee91fa1259ca2bc00f10538b52a4959bdbe8\"\u003e\u003ccode\u003e862dee9\u003c/code\u003e\u003c/a\u003e Update cibuildwheel (\u003ca href=\"https://redirect.github.com/psf/black/issues/4828\"\u003e#4828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/b5f354c56627640e0b853af51a51d9262bafa9f0\"\u003e\u003ccode\u003eb5f354c\u003c/code\u003e\u003c/a\u003e build: restrict to pytest 9.0 due to breakage in custom pytest_configure (\u003ca href=\"https://redirect.github.com/psf/black/issues/4827\"\u003e#4827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/f705197f57149b79ed83cccf22e4fed19b48a7bf\"\u003e\u003ccode\u003ef705197\u003c/code\u003e\u003c/a\u003e t-string support (\u003ca href=\"https://redirect.github.com/psf/black/issues/4805\"\u003e#4805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/25.1.0...25.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2025.7.14 to 2026.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c64d9f3a8496c0195548697f2080e716af66dd6a\"\u003e\u003ccode\u003ec64d9f3\u003c/code\u003e\u003c/a\u003e 2026.01.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/389\"\u003e#389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4ac232f05a547071543d2fb069aa3c62b1dc79f3\"\u003e\u003ccode\u003e4ac232f\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/387\"\u003e#387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/95ae4b20e8abb7fa708e751e346466d16b36211a\"\u003e\u003ccode\u003e95ae4b2\u003c/code\u003e\u003c/a\u003e Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/386\"\u003e#386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/b72a7b1a40ae20755338d3132d8f880427b3b6fc\"\u003e\u003ccode\u003eb72a7b1\u003c/code\u003e\u003c/a\u003e Bump dessant/lock-threads from 5.0.1 to 6.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/385\"\u003e#385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/ecc267216fbdcecb1b2aa2aa175152b773cc5ced\"\u003e\u003ccode\u003eecc2672\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/384\"\u003e#384\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/6a897dbc1124b17f179ef225742fcda481ec96f3\"\u003e\u003ccode\u003e6a897db\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/383\"\u003e#383\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/27ca98ad845ee6d130a88301622c137893f71620\"\u003e\u003ccode\u003e27ca98a\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 7.0.9 to 7.0.11 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/381\"\u003e#381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/56c59a63909cfd3162b37e7bc16956e64df0f737\"\u003e\u003ccode\u003e56c59a6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.0 to 6.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/382\"\u003e#382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/ae0021cd43a77bfba67d20a041469cdf6996570e\"\u003e\u003ccode\u003eae0021c\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 6.0.0 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/ddf5d0b5d2a3d55fd92a79f141dbb5e074caf924\"\u003e\u003ccode\u003eddf5d0b\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5.0.1 to 6.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/378\"\u003e#378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2025.07.14...2026.01.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `colorful` from 0.5.7 to 0.5.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/timofurrer/colorful/releases\"\u003ecolorful's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMini cleanup by \u003ca href=\"https://github.com/fliiiix\"\u003e\u003ccode\u003e@​fliiiix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timofurrer/colorful/pull/59\"\u003etimofurrer/colorful#59\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/timofurrer/colorful/compare/v0.5.7...v0.5.8\"\u003ehttps://github.com/timofurrer/colorful/compare/v0.5.7...v0.5.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/timofurrer/colorful/blob/master/CHANGELOG.md\"\u003ecolorful's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v0.5.8]\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTest Python 3.14 support\u003c/li\u003e\n\u003cli\u003eDrop Python 2 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/3d5cbc6ef52255455e103dd6dd7cb2ce8b5ea91a\"\u003e\u003ccode\u003e3d5cbc6\u003c/code\u003e\u003c/a\u003e release: v0.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/48890f8f1b60a5668f7bcc5df769559c54121c25\"\u003e\u003ccode\u003e48890f8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timofurrer/colorful/issues/59\"\u003e#59\u003c/a\u003e from timofurrer/chore/cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/4d72903ba1c8e4e98870a03b2e626870ca2640f4\"\u003e\u003ccode\u003e4d72903\u003c/code\u003e\u003c/a\u003e Add Python 3.14 support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/89ee187095fc230c63a5c88537a37e6b6280910a\"\u003e\u003ccode\u003e89ee187\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/cd5e0ac06cb765d4ea0b8b5fe4a770530935400a\"\u003e\u003ccode\u003ecd5e0ac\u003c/code\u003e\u003c/a\u003e Run pyupgrade to migrate away from Python 2 code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/64655aab5e8012f13e1cc1ad6d9d0e315c900212\"\u003e\u003ccode\u003e64655aa\u003c/code\u003e\u003c/a\u003e Inherit from class is a Python 2 thing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/47ee2f6bda3ef915c4b0eb09cce7a628a6897731\"\u003e\u003ccode\u003e47ee2f6\u003c/code\u003e\u003c/a\u003e Drop encoding hint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timofurrer/colorful/commit/842803ebbf14a652cd2a1d11ef5cce18c25b068f\"\u003e\u003ccode\u003e842803e\u003c/code\u003e\u003c/a\u003e Cleanup comments\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/timofurrer/colorful/compare/v0.5.7...v0.5.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `exceptiongroup` from 1.3.0 to 1.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/exceptiongroup/releases\"\u003eexceptiongroup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAttributeError: 'TracebackException' object has no attribute 'exceptions'\u003c/code\u003e when formatting unpickled TBEs from another Python process which did not apply the \u003ccode\u003eexceptiongroup\u003c/code\u003e patches (\u003ca href=\"https://redirect.github.com/agronholm/exceptiongroup/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/exceptiongroup/blob/main/CHANGES.rst\"\u003eexceptiongroup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eVersion history\u003c/h1\u003e\n\u003cp\u003eThis library adheres to \u003ccode\u003eSemantic Versioning 2.0 \u0026lt;http://semver.org/\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.1\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAttributeError: 'TracebackException' object has no attribute 'exceptions'\u003c/code\u003e\nwhen formatting unpickled TBEs from another Python process which did not apply the\n\u003ccode\u003eexceptiongroup\u003c/code\u003e patches\n(\u003ccode\u003e[#144](https://github.com/agronholm/exceptiongroup/issues/144) \u0026lt;https://github.com/agronholm/exceptiongroup/issues/144\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e1.3.0\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e**kwargs\u003c/code\u003e to function and method signatures as appropriate to match the\nsignatures in the standard library\u003c/li\u003e\n\u003cli\u003eIn line with the stdlib typings in typeshed, updated \u003ccode\u003e(Base)ExceptionGroup\u003c/code\u003e generic\ntypes to define defaults for their generic arguments (defaulting to\n\u003ccode\u003eBaseExceptionGroup[BaseException]\u003c/code\u003e and \u003ccode\u003eExceptionGroup[Exception]\u003c/code\u003e)\n(PR by \u003ca href=\"https://github.com/mikenerone\"\u003e\u003ccode\u003e@​mikenerone\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eBaseExceptionGroup.__init__()\u003c/code\u003e to directly call\n\u003ccode\u003eBaseException.__init__()\u003c/code\u003e instead of the superclass \u003ccode\u003e__init__()\u003c/code\u003e in order to\nemulate the CPython behavior (broken or not) (PR by \u003ca href=\"https://github.com/cfbolz\"\u003e\u003ccode\u003e@​cfbolz\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged the \u003ccode\u003eexceptions\u003c/code\u003e attribute to always return the same tuple of exceptions,\ncreated from the original exceptions sequence passed to \u003ccode\u003eBaseExceptionGroup\u003c/code\u003e to\nmatch CPython behavior\n(\u003ccode\u003e[#143](https://github.com/agronholm/exceptiongroup/issues/143) \u0026lt;https://github.com/agronholm/exceptiongroup/issues/143\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e1.2.2\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved an \u003ccode\u003eassert\u003c/code\u003e in \u003ccode\u003eexceptiongroup._formatting\u003c/code\u003e that caused compatibility\nissues with Sentry (\u003ccode\u003e[#123](https://github.com/agronholm/exceptiongroup/issues/123) \u0026lt;https://github.com/agronholm/exceptiongroup/issues/123\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e1.2.1\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated the copying of \u003ccode\u003e__notes__\u003c/code\u003e to match CPython behavior (PR by CF Bolz-Tereick)\u003c/li\u003e\n\u003cli\u003eCorrected the type annotation of the exception handler callback to accept a\n\u003ccode\u003eBaseExceptionGroup\u003c/code\u003e instead of \u003ccode\u003eBaseException\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed type errors on Python \u0026lt; 3.10 and the type annotation of \u003ccode\u003esuppress()\u003c/code\u003e\n(PR by John Litborn)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e1.2.0\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded special monkeypatching if \u003ccode\u003eApport \u0026lt;https://github.com/canonical/apport\u0026gt;\u003c/code\u003e_ has\noverridden \u003ccode\u003esys.excepthook\u003c/code\u003e so it will format exception groups correctly\n(PR by John Litborn)\u003c/li\u003e\n\u003cli\u003eAdded a backport of \u003ccode\u003econtextlib.suppress()\u003c/code\u003e from Python 3.12.1 which also handles\nsuppressing exceptions inside exception groups\u003c/li\u003e\n\u003cli\u003eFixed bare \u003ccode\u003eraise\u003c/code\u003e in a handler reraising the original naked exception rather than\nan exception group which is what is raised when you do a \u003ccode\u003eraise\u003c/code\u003e in an \u003ccode\u003eexcept*\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/ddddb6fdf8582c4ae5187dc1bd258115974229fe\"\u003e\u003ccode\u003eddddb6f\u003c/code\u003e\u003c/a\u003e Added the release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/49c5e60d9efad1416f4f42455e119375904a1d6d\"\u003e\u003ccode\u003e49c5e60\u003c/code\u003e\u003c/a\u003e Fixed AttributeError when formatting unpickled TBEs from an unpatched process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/1be517f553249822a8fa12a4d7520d4b3ef15acd\"\u003e\u003ccode\u003e1be517f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/exceptiongroup/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/af0ea2fdfe218a4c2a1cb31ebd1a61dba459af6f\"\u003e\u003ccode\u003eaf0ea2f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/exceptiongroup/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/7c980a88a06a72db3d796d98504b335d24274abb\"\u003e\u003ccode\u003e7c980a8\u003c/code\u003e\u003c/a\u003e Removed pin on pyright version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/ef853368c8b94479adbd33cc58f1cac05839e116\"\u003e\u003ccode\u003eef85336\u003c/code\u003e\u003c/a\u003e Fixed typing job not finding Python 3.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/080b3f4e925bbdb8cee70cc30c5ef2937eab2bde\"\u003e\u003ccode\u003e080b3f4\u003c/code\u003e\u003c/a\u003e Pinned pyright version to fix typeshed related failure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/ac660908a1987880eddbb249947c1eef6e08513b\"\u003e\u003ccode\u003eac66090\u003c/code\u003e\u003c/a\u003e Added Python 3.14 to the test matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/exceptiongroup/commit/a0da94dadfb39c0b52c0cd5c87ace166b00f74c1\"\u003e\u003ccode\u003ea0da94d\u003c/code\u003e\u003c/a\u003e Fixed test failures on Python 3.14\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/agronholm/exceptiongroup/compare/1.3.0...1.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h2` from 4.2.0 to 4.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst\"\u003eh2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.3.0 (2025-08-23)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Incompatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject header names and values containing illegal characters, based on RFC 9113, section 8.2.1.\nThe main Python API is compatible, but some previously valid requests/response headers might now be blocked.\nUse the \u003ccode\u003evalidate_inbound_headers\u003c/code\u003e config option if needed.\nThanks to Sebastiano Sartor (sebsrt) for the report.\u003c/li\u003e\n\u003cli\u003eConvert emitted events into Python \u003ccode\u003edataclass\u003c/code\u003e, which introduces new constructors with required arguments.\nInstantiating these events without arguments, as previously commonly used API pattern, will no longer work.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eAPI Changes (Backward Compatible)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eh2 events now have tighter type bounds, e.g. \u003ccode\u003estream_id\u003c/code\u003e is guaranteed to not be \u003ccode\u003eNone\u003c/code\u003e for most events now.\nThis simplifies downstream type checking.\u003c/li\u003e\n\u003cli\u003eVarious typing-related improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix error value when opening a new stream on too many open streams.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/1aae569315eb170cdff00582644aca37ee38db62\"\u003e\u003ccode\u003e1aae569\u003c/code\u003e\u003c/a\u003e v4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9e4bbed6138c825cd43d519674d00bd267650f30\"\u003e\u003ccode\u003e9e4bbed\u003c/code\u003e\u003c/a\u003e merge surrounding whitespace and uppercase validators into illegal character ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a\"\u003e\u003ccode\u003e035e989\u003c/code\u003e\u003c/a\u003e be stricter about which characters to accept for headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3\"\u003e\u003ccode\u003e883ed37\u003c/code\u003e\u003c/a\u003e reject header names and values containing unpermitted characters \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/0583911b29d05764bbe3f7691d59f4d5e83e249b\"\u003e\u003ccode\u003e0583911\u003c/code\u003e\u003c/a\u003e lint: fix TC006\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/bbd3d90c66cce51fbbe6b9af75cb0bef7004f9d5\"\u003e\u003ccode\u003ebbd3d90\u003c/code\u003e\u003c/a\u003e fix(packaging): bump twine to pass meta check wildcard bugs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/ea3140f484a6646ec09abccd0d3c7e955bce4f4c\"\u003e\u003ccode\u003eea3140f\u003c/code\u003e\u003c/a\u003e cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/9ce83ff7d77522ed30aea3b052990c43c1218104\"\u003e\u003ccode\u003e9ce83ff\u003c/code\u003e\u003c/a\u003e exclude RDT from sdist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/492d3db0a206d22ccabb99faeb53924f4af7a982\"\u003e\u003ccode\u003e492d3db\u003c/code\u003e\u003c/a\u003e Update .readthedocs.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h2/commit/243461d500822d1e78972946ce0dbc5905ab1ad9\"\u003e\u003ccode\u003e243461d\u003c/code\u003e\u003c/a\u003e Create RTD config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.11\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.11 (2025-10-12)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14, lowest supported version is Python 3.8.\u003c/li\u003e\n\u003cli\u003eVarious updates to packaging, including PEP 740 support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/ad949ee3052c2265c66e3df2dd8871a5832ba327\"\u003e\u003ccode\u003ead949ee\u003c/code\u003e\u003c/a\u003e Release v3.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/cae4ba779e0a543823894bd4136651c187944da8\"\u003e\u003ccode\u003ecae4ba7\u003c/code\u003e\u003c/a\u003e Second release candidate for 3.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/8adb305165c77c4a45d1568a70ead75d2197692c\"\u003e\u003ccode\u003e8adb305\u003c/code\u003e\u003c/a\u003e Add space in RST link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/74cb2b652bb06133b0c4ab52cc98221be63162cf\"\u003e\u003ccode\u003e74cb2b6\u003c/code\u003e\u003c/a\u003e Release candidate for 3.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05dab09fdde5bbf7d52f757c4dc62e0ba934cca8\"\u003e\u003ccode\u003e05dab09\u003c/code\u003e\u003c/a\u003e Format idna-data with ruff\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/90eac78b737d26613776b490432fc6d926b15c55\"\u003e\u003ccode\u003e90eac78\u003c/code\u003e\u003c/a\u003e Apply ruff formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a31ce7ecc0b767e40abb5ce28744ac567b73f366\"\u003e\u003ccode\u003ea31ce7e\u003c/code\u003e\u003c/a\u003e Remove errant test vectors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/81f03334211c78c1832991ce70ebafb3cbfbb79c\"\u003e\u003ccode\u003e81f0333\u003c/code\u003e\u003c/a\u003e Omit vectors known to be broken in test suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a0f32578c0cac28c7ffbb4c860c92eb2b9b579bd\"\u003e\u003ccode\u003ea0f3257\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into unicode-16-uts46-changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/38d98860e6a1ab92fd35ab09ea4739feabf339a3\"\u003e\u003ccode\u003e38d9886\u003c/code\u003e\u003c/a\u003e Remove extra UTS46 test vector\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.11\"\u003ecompare view\u003c/...\n\n_Description has been truncated_","html_url":"https://github.com/greenbone/notus-scanner/pull/700","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fnotus-scanner/issues/700","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/700/packages"}}]}